Robert Cummings wrote: > Personally, I prefer having my code outside the DocumentRoot > also, but I do not believe it is the simplest solution, and I do not > think it is "wrong" to place such information within the DocumentRoot. > The feature exists, application developers have chosen to use the > feature, it may be less secure, but it is not wrong.
Are we just discussing semantics then? I agree it's not wrong as such, but right and wrong are usually determined by the environment one is in and in a security-aware environment (such as I know them), letting the webserver write to the DocumentRoot would be wrong. Elsewhere it is perhaps at worst ill-advised. /Per -- Per Jessen, Zürich (11.5°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
