|
Posted by Evert | Rooftop Solutions on 03/28/05 00:52
Thanx Johannes,
how about making the webserver the owner of the files? Would that be a
good idea?
The problem is that I have a framework deployed at several clients.
Because this are some big clients and demand high security they won't
give me a login to their ftp or consoles.
Understandable, but everytime there's an update I need to mail the files
and they have to install it. Imagine how much time that costs when
there's a problem after the update and they need files again. Very annoying.
I consider myself a good php scripter and I will be able to make my
scripts secure, so I need a good reason not to build in the
auto-updater. I can tell the server is a dedicated server for my
project, only has a webserver running (apache).
Argue with me :)
grt,
Evert
Johannes Findeisen wrote:
>Hello,
>
>It is generally not a good idea to make scripts to everybody writeable. I
>think that if you're implementing auto-update features in PHP scripts they
>only could be insecure. Okay, you have one more feature but what if this
>feature goes out of control? Be really carefull when writing such
>applications. Maybe there are nice and secure solutions which maybe work but
>you really should set a focus on security.
>
>More info:
>http://www.php.net/manual/en/function.chmod.php
>
>Regards
>
>hanez
>
>
[Back to original message]
|