Why PHP is so much more popular for web-development
Steve Holden
steve at holdenweb.com
Thu Jul 26 15:11:29 EDT 2007
Paul Rubin wrote:
> Jeffrey Froman <jeffrey at fro.man> writes:
>> Consider a PHP-based CMS that allows users to upload files. Because the
>> application runs as the webserver user, uploaded files, and the directory
>> where they reside, must be accessible and writable by that user. It is the
>> same user that any other hosting customer on that machine has access to.
>> Thus, any user on the shared host could write a quick CGI script that
>> accesses, adds, removes, or defaces your uploaded content.
>
> That sounds trivial to ameliorate (at least somewhat) by putting your
> uploads in a directory whose name is known only to you (let's say it's
> a random 20-letter string). The parent directory can be protected to
> not allow reading the subdirectory names.
But you have to admit that's "security by obscurity".
regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
--------------- Asciimercial ------------------
Get on the web: Blog, lens and tag the Internet
Many services currently offer free registration
----------- Thank You for Reading -------------
More information about the Python-list
mailing list