Why PHP is so much more popular for web-development

Steve Holden steve at holdenweb.com
Thu Jul 26 21:11:29 CEST 2007


Paul Rubin wrote:
> Jeffrey Froman <jeffrey at fro.man> writes:
>> Consider a PHP-based CMS that allows users to upload files. Because the
>> application runs as the webserver user, uploaded files, and the directory
>> where they reside, must be accessible and writable by that user. It is the
>> same user that any other hosting customer on that machine has access to.
>> Thus, any user on the shared host could write a quick CGI script that
>> accesses, adds, removes, or defaces your uploaded content.
> 
> That sounds trivial to ameliorate (at least somewhat) by putting your
> uploads in a directory whose name is known only to you (let's say it's
> a random 20-letter string).  The parent directory can be protected to
> not allow reading the subdirectory names.

But you have to admit that's "security by obscurity".

regards
  Steve
-- 
Steve Holden        +1 571 484 6266   +1 800 494 3119
Holden Web LLC/Ltd           http://www.holdenweb.com
Skype: holdenweb      http://del.icio.us/steve.holden
--------------- Asciimercial ------------------
Get on the web: Blog, lens and tag the Internet
Many services currently offer free registration
----------- Thank You for Reading -------------




More information about the Python-list mailing list