> i've often pondered splitting this into externals and externalweb
> because not *all* of them need to be webserver writable. the web app
> may need only need read access to "imports" or "inbound_ftp" files, for
> instance. but for the few cases that it would never even need to move,
> delete or rename such files after processing them, it's never made it
> into the worth-the-effort category for me :-)
Just as a general reminder (consider it an "old timer's" babbling about the
past):
Make certain that external users cannot read files that have been uploaded
by external users until they have been vetted - especially if the inbound
side is able to be anonymous, or you will notice a significant number of,
shall we say, new and interesting files on your system as you become the
warez site of the day.
Brian
----
Brian T. Wightman
suppressed
414.524.4025
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.