If you do a grep for '0777' on the current code you'll find tons of extensions that grant world-writeable access to cache or other directories.
Can we rather have a method that makes it 0755 or 0775 depending if the developer uses the same server-user for web and console execution or two different users, you could even make the usernames configurable in the config.yml, defaulting to www-data.www-data Yeah 0777 is simple, but it just means taking away the responsibility for security from the user and doing it wrong. greetings, Benjamin -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
