[Phpmyadmin-devel] sessions/cookies vs. javascript

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Tue Sep 27 06:24:50 CEST 2005

Garvin Hicking a écrit :
> Hi!
>>>$d = opendir('/tmp');
>>>while (($file = readdir($d)) !== false) { echo $file . "\n"; }
>>uuh, bad, this is really a misconfiguration! the web (apache and/or php) user
>>should not have read access an this directory! only on the files created by
>>themselves in there!
> You are right, I messed this up myself by making /tmp world-writable. Sorry for
> the hassle. :)
> Regards,
> Garvin

/tmp has always been world-writable, and IMO it should stay this way. 
This is the very goal of this directory. The problem comes from using 
/tmp for session data.


More information about the Developers mailing list