I've mentioned this before I believe, but with the new change to the
way the image cache is organized I think I should mention it again.
Since the cache folder is world writable, it opens up the server to an
array of hack opportunities. Came across this problem the hard way
when administering a Nucleus-run blog. You can read about it here:
Anyway, my point is that the new image cache setup creates the
subfolders with 'owner' permissions only, and nothing else,
effectively making the directories accessible only through a web
browser. I.e. I cannot use an FTP client, log in to my account using my
password, and browse the directories, since I'm not the owner.
A permission setting of '700' on anything created by a script is
highly insecure as it denies the real owner of the file any easy
access to it. And changing the permission to 777 will NOT reduce the
security, since the 'world' where the need for security comes in is
already the 'owner' of the directory...
Is this a Smarty thing? Haven't really looked at the Smarty engine
ever, but it does look like something interesting and I should
probably learn how to set it up and use it...
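
Added example, not part of the original post or of the blog software's code: a Python audit that walks a cache directory and reports, for each subdirectory, its mode, its owner, whether a given account can browse it, and whether it is world writable. The account uid and group set are inputs supplied by whoever runs it; root's bypass of permission bits and ACLs are not modelled.

```python
import os
import stat


def classify(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx bits (0-7) that the mode grants `uid` on an entry.

    Only the first matching class applies: owner, then group, then other.
    """
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def audit_cache(root, account_uid, account_gids):
    """Walk `root` and report each directory's mode and what the account may do."""
    findings = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        st = os.stat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        bits = classify(mode, st.st_uid, st.st_gid, account_uid, account_gids)
        findings.append({
            "path": dirpath,
            "mode": oct(mode),
            "owner_uid": st.st_uid,
            # Browsing a directory needs r (list) and x (enter).
            "account_can_browse": bits & 5 == 5,
            # Creating or deleting entries needs w and x.
            "account_can_write": bits & 3 == 3,
            "world_writable": bool(mode & stat.S_IWOTH),
        })
    return findings


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    me, my_groups = os.getuid(), set(os.getgroups()) | {os.getgid()}
    for finding in audit_cache(root, me, my_groups):
        print(finding)
```

Run it as the FTP account against the cache folder: directories created by the web server user with mode 700 show `account_can_browse: False`, and any directory with `world_writable: True` can be written by every local account.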