[Phpmyadmin-devel] sessions/cookies vs. javascript
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Tue Sep 27 06:24:50 CEST 2005
Garvin Hicking wrote:
> Hi!
>
>
>>><?php
>>>$d = opendir('/tmp');
>>>while (($file = readdir($d)) !== false) { echo $file . "\n"; }
>>
>>uuh, bad, this is really a misconfiguration! the web (apache and/or php) user
>>should not have read access on this directory! only on the files created by
>>themselves in there!
>
>
> You are right, I messed this up myself by making /tmp world-writable. Sorry for
> the hassle. :)
>
> Regards,
> Garvin
>
/tmp has always been world-writable, and IMO it should stay this way.
This is the very goal of this directory. The problem comes from using
/tmp for session data.
Marc
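
An added example, not part of the original message and not phpMyAdmin code: a PHP check that reports when session files are stored in a directory other local users can list, which is the /tmp situation discussed above. The function name audit_session_path is hypothetical.

```php
<?php
// Added example: audit where PHP keeps session files and who can list them.
// audit_session_path() is a hypothetical helper, not part of any project.

function audit_session_path(string $savePath): array
{
    $findings = [];

    // session.save_path may be "N;/path" or "N;MODE;/path";
    // the directory is always the last field.
    $parts = explode(';', $savePath);
    $dir = trim(end($parts));
    if ($dir === '') {
        // With an empty save_path the files handler uses the system temp dir.
        $dir = sys_get_temp_dir();
        $findings[] = "session.save_path is empty, sessions go to $dir";
    }

    $real = realpath($dir);
    if ($real === false || !is_dir($real)) {
        return ["$dir does not exist or is not a directory"];
    }

    if ($real === realpath(sys_get_temp_dir()) || $real === '/tmp') {
        $findings[] = "$real is the shared temp directory";
    }

    $mode = fileperms($real) & 07777;
    $octal = sprintf('%04o', $mode);
    if ($mode & 0004) {
        // The read bit on a directory allows listing it; session files are
        // named sess_<id>, so a listing exposes the session IDs.
        $findings[] = "$real (mode $octal) can be listed by any local user";
    }
    if ($mode & 0002) {
        $findings[] = "$real (mode $octal) is world-writable";
    }
    if ($mode & 0040) {
        $findings[] = "$real (mode $octal) can be listed by its group";
    }
    return $findings;
}

// Check the running configuration.
$findings = audit_session_path((string) ini_get('session.save_path'));
echo $findings ? implode("\n", $findings) . "\n" : "no findings\n";
```

A directory dedicated to sessions, owned by the web server user with mode 0700, produces no findings.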