Login | Register
My pages Projects Community openCollabNet

Discussions > issues > [Issue 219] coWiki always keeps temporary files in htdocs

Discussion topic

Back to topic list

[Issue 219] coWiki always keeps temporary files in htdocs

Author dgorski
Full name Daniel T. Gorski
Date 2005-09-12 11:30:11 PDT
Message http://cowiki.tigris​.org/issues/show_bug​.cgi?id=219

------- Additional comments from dgorski at tigris dot org Mon Sep 12 11:30:11 -0700 2005 -------
>Daniel, please confirm if this is an issue.

If it is an issue, then it is not a coWiki, but a XAMPP issue. I have no Windows
here where I could check this XAMPP-thing.

>Is this a security vulnerability?

Basically this is a security vulnerability, yes.

>Should the installer deal with setting this up (maybe it already does?)

What could be done by the installer, is to set the TEMP-path in the core.conf
file explicitly to the session path used by PHP internally (session.save_path),
which per definition should be always secure and not reachable by an user agent.

Letting the user (and not an admin) to decide where the temporary files should
go, is basically not a good idea - stikes me.
regards dtg

« Previous message in topic | 1 of 1 | Next message in topic »


Show all messages in topic

[Issue 219] coWiki always keeps temporary files in htdocs dgorski Daniel T. Gorski 2005-09-12 11:30:11 PDT
Messages per page: