[Phpmyadmin-devel] sessions/cookies vs. javascript

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Tue Sep 27 06:54:14 CEST 2005


Sebastian Mendel wrote:
> Marc Delisle wrote:
> 
>> Sebastian Mendel wrote:
>>
>>> Garvin Hicking wrote:
>>>
>>>> Hi!
>>>>
>>>>>> <?php
>>>>>> $d = opendir('/tmp');
>>>>>> while (($file = readdir($d)) !== false) { echo $file . "\n"; }
>>>>>
>>>>>
>>>>> uuh, bad, this is really a misconfiguration! the web (apache and/or php) user
>>>>> should not have read access on this directory! only on the files created by
>>>>> themselves in there!
>>>>
>>>>
>>>>
>>>> You are right, I messed this up myself by making /tmp world-writable. Sorry for
>>>> the hassle. :)
>>>
>>>
>>>
>>> world writable is _not_ wrong,
>>> world readable is wrong! ;-)
>>>
>>>
>>
>> /tmp has always been world readable and writable!
> 
> 
> mhm, ok, but we can agree that it is a misconfiguration if the directory 
> with the session-data is readable by the web user
> 
> 
Of course we agree on that. On top of that, I think that /tmp is there 
by default for holding session data in php.ini-dist.

Marc
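
The condition agreed on above (the session directory being readable by the web user) can be checked from directory metadata; with PHP's file-based session handler the file names are `sess_<session id>`, so being able to list the directory discloses session IDs. The following is an added example, not code from this thread or from phpMyAdmin: a shell function that reports whether an account can list a directory, judged from the owner, group and mode bits printed by GNU `stat`. The function name, the account name and the path passed to it are assumptions.

```shell
#!/bin/sh
# Added example: decide from owner/group/mode whether USER can list DIR.
# Assumes GNU stat (-c). uid 0 bypasses mode bits and is not modelled here.

# can_list_dir USER DIR  -> prints "listable" or "not-listable"
can_list_dir() {
    user=$1
    dir=$2
    [ -d "$dir" ] || { echo "error: $dir is not a directory" >&2; return 2; }
    info=$(stat -c '%U %G %a' "$dir") || return 2
    set -- $info
    owner=$1
    group=$2
    mode=$((0$3))                      # leading 0: parse the mode as octal

    # Pick the permission class that applies to USER.
    if [ "$user" = "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))    # owner class
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        bits=$(( (mode >> 3) & 7 ))    # group class
    else
        bits=$(( mode & 7 ))           # other class
    fi

    # Listing needs the read bit (4). Write+search (3) still lets the
    # account create and open its own files without seeing the others.
    if [ $(( bits & 4 )) -ne 0 ]; then
        echo listable
    else
        echo not-listable
    fi
}

# Stand-alone use: ./check.sh <web user> <session.save_path>
if [ $# -eq 2 ]; then
    can_list_dir "$1" "$2"
fi
```

A directory with mode 1777 is reported as listable for every account, while mode 1733 is listable only for its owner.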



