Brian Mathis wrote:
You are being disingenuous here by selectively editing out the relevant quoted text from the same message above, which I will add back in as a quote here:
Disingenuous? Seems to me that it is a question of truth for you.
Once again. 'apache:apache' is a risk, but it is not wrong. And sometimes it is also needed, since webdave, for example, doesn't work without it. That was what I have tried to work out.
> Filipe Brandenburger wrote: > The only files you want writable by Apache are the ones that > a web application needs to write, like session files in PHP > or config file controlled by a web admin interface.By the way, if someone breaks into your server through Apache, apache:apache is your lowest problem, that's my opinion.
regards Olaf
This statement is quite silly. The type of configuration above could
Thank you, it is my greeting. You are silly too.
be the vector by which the server is compromised, so it is not at all the lowest problem. In that case it WOULD *BE* the problem.
Don't know why you are screaming here, maybe it is your personality.
regards Olaf