Hi. On Tue, 24 Dec 2013 09:59:39 +0100 Raffaele Morelli <raffaele.more...@gmail.com> wrote: > Yes, I missed this point. > > BTW, as I don't want to rewrite someone else system security rules, let's > say that: MY best practice is to have www-data or any other NON-root user > as the scripts owner.
So, basically you're allowing any php script to rewrite any php script with an arbitrary contents. An interesting policy, to say the least. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224133752.9a8f118c07350cc0bf756...@gmail.com
