Why PHP is so much more popular for web-development

Chris Mellon arkanes at gmail.com
Thu Jul 26 17:12:54 EDT 2007


On 26 Jul 2007 13:26:33 -0700, Paul Rubin
<"http://phr.cx"@nospam.invalid> wrote:
> Steve Holden <steve at holdenweb.com> writes:
> > > That sounds trivial to ameliorate (at least somewhat) by putting your
> > > uploads in a directory whose name is known only to you (let's say it's
> > > a random 20-letter string).  The parent directory can be protected to
> > > not allow reading the subdirectory names.
> >
> > But you have to admit that's "security by obscurity".
>
> I'm not completely sure it's security by obscurity if the system setup
> is careful.  The pathname is like a password and maybe it can be
> protected from exposure to the same degree that other file system
> contents are protected.  This would not pass review for protecting
> launch codes, but neither would most things done on even serious commercial
> web sites.
> --

Would you make this directory name be the username+the password? If
not, why not? The answer is the same reason why this isn't a reliable
method of security.

That said, no hosting provider I'm aware of (even the really cheap
ones) runs in a purely shared environment anymore. They use suexec or
fakejail or something at the very least. This is for their own
protection as much (or more) than it is to protect their customers'
data, though.
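
The following is an added example, not part of the original post or thread. It shows in POSIX terms what the quoted proposal amounts to: a randomly named subdirectory under a parent whose mode lets other users traverse to a known name but not list entries. The function names, the 0o711/0o700 modes and the 40-character name length are assumptions made for this illustration.

```python
import os
import secrets
import stat
import tempfile


def make_hidden_upload_dir(parent, sub_mode=0o700):
    """Create a randomly named subdirectory under `parent`.

    `parent` is set to 0o711: group/other keep search (x) permission, so a
    path containing the exact name still resolves, but lose read (r)
    permission, so they cannot enumerate the names inside it.
    `sub_mode` is an assumed default; the thread does not specify it.
    """
    name = secrets.token_hex(20)  # 40 hex characters from the OS CSPRNG
    path = os.path.join(parent, name)
    os.mkdir(path)
    os.chmod(path, sub_mode)  # explicit chmod: os.mkdir's mode is masked by umask
    os.chmod(parent, 0o711)
    return path


def listing_exposed(directory):
    """Return True if group or other may read (list) the directory's entries."""
    mode = stat.S_IMODE(os.stat(directory).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def demo():
    """Run the setup in a throwaway directory and report what changed."""
    with tempfile.TemporaryDirectory() as parent:
        os.chmod(parent, 0o755)  # typical starting point: world-listable
        before = listing_exposed(parent)
        path = make_hidden_upload_dir(parent)
        after = listing_exposed(parent)
        sub_mode = stat.S_IMODE(os.stat(path).st_mode)
        return before, after, sub_mode, len(os.path.basename(path))


if __name__ == "__main__":
    print(demo())
```

The mode bits only stop enumeration through the file system; anything else that reveals the name reveals the whole secret.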


