Why PHP is so much more popular for web-development

Paul Rubin http
Thu Jul 26 14:56:45 EDT 2007


Jeffrey Froman <jeffrey at fro.man> writes:
> Consider a PHP-based CMS that allows users to upload files. Because the
> application runs as the webserver user, uploaded files, and the directory
> where they reside, must be accessible and writable by that user. It is the
> same user that any other hosting customer on that machine has access to.
> Thus, any user on the shared host could write a quick CGI script that
> accesses, adds, removes, or defaces your uploaded content.

That sounds trivial to ameliorate (at least somewhat) by putting your
uploads in a directory whose name is known only to you (let's say it's
a random 20-letter string).  The parent directory can be protected to
not allow reading the subdirectory names.
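
The layout described in the reply above, as an added example that is not part of the original post: a parent directory with search-only (0711) permissions for everyone but its owner, holding an upload directory with a random 20-letter name, plus a check that flags permission changes that would expose the name. The function names, the `site` path and the 0733 mode on the upload directory are assumptions made for illustration.

```python
import os
import secrets
import stat
import string
import tempfile

NAME_LEN = 20  # "a random 20-letter string", as in the post


def make_hidden_upload_dir(parent):
    """Create parent/<random name>; others may traverse parent but not list it."""
    os.makedirs(parent, exist_ok=True)
    # 0o711: group/other get x (search) only, so a known name resolves
    # but the names inside the directory cannot be enumerated.
    os.chmod(parent, 0o711)
    name = "".join(secrets.choice(string.ascii_lowercase) for _ in range(NAME_LEN))
    path = os.path.join(parent, name)
    os.mkdir(path)
    # Assumption: the web server is a different uid and must write uploads here.
    os.chmod(path, 0o733)
    return path


def audit(parent, upload_dir):
    """Return a list of problems that would defeat the scheme."""
    problems = []
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("parent is listable by group/other")
    if pmode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("parent is writable by group/other")
    if not pmode & stat.S_IXOTH:
        problems.append("parent is not traversable by other")
    if len(os.path.basename(upload_dir)) < NAME_LEN:
        problems.append("upload directory name is too short to be unguessable")
    return problems


def demo():
    """Build the layout in a temp dir, audit it, then audit a 0755 misconfiguration."""
    with tempfile.TemporaryDirectory() as tmp:
        parent = os.path.join(tmp, "site")  # constructed sample path
        upload_dir = make_hidden_upload_dir(parent)
        ok = audit(parent, upload_dir)
        os.chmod(parent, 0o755)  # misconfiguration: names become listable
        bad = audit(parent, upload_dir)
        return os.path.basename(upload_dir), ok, bad


if __name__ == "__main__":
    print(demo())
```

The permission bits only keep the name out of directory listings; the name itself has to be kept out of anything else other users on the host can read.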
