➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2003-10-29 17:20 by mr_perl, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Messages (2) | |||
|---|---|---|---|
| msg18802 - (view) | Author: Matt Steven (mr_perl) | Date: 2003-10-29 17:20 | |
/usr/share/doc/python-docs-2.2.3/html/lib/node305.html Contains the suggestion: "When reading or writing external files, make sure they can be read or written by every user on the system." This is terrible advice, suggesting you make all your files 777. This line should be removed, or replaced with something like "When reading or writing external files, make sure they can be read or written by the web server or appropriate suexec UID" |
|||
| msg18803 - (view) | Author: Alex Martelli (aleax) *  |
Date: 2003-11-02 16:31 | |
Logged In: YES
user_id=60314
The advice as given is indeed bad security. I have replaced it with:
\item When reading or writing external files, make sure they can be
read or written by the userid under which your CGI script will be
running: this is typically the userid under which the web server is
running, or some explicitly specified userid for a web server's
\samp{suexec} feature.
and committed the change on the 2.3 branch on CVS.
|
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:00 | admin | set | github: 39473 |
| 2003-10-29 17:20:59 | mr_perl | create | |