Re: Fixing stupid PHP application design flaws
- To: "Debian Security" <debian-security@lists.debian.org>
- Subject: Re: Fixing stupid PHP application design flaws
- From: "Thijs Kinkhorst" <thijs@kinkhorst.com>
- Date: Mon, 2 May 2005 10:51:09 +0200 (CEST)
- Message-id: <[🔎] 1260.143.121.153.52.1115023869.squirrel@wm.kinkhorst.nl>
- In-reply-to: <20050430125449.GX7744@finlandia.infodrom.north.de>
- References: <20050428131508.GQ7744@finlandia.infodrom.north.de> <427141B0.6000405@nexit.nl> <20050430055531.GT7744@finlandia.infodrom.north.de> <20050430112025.GL2785@A-Eskwadraat.nl> <20050430125449.GX7744@finlandia.infodrom.north.de>
On Sat, April 30, 2005 14:54, Martin Schulze wrote:
>> "Simple makefile" doesn't match the typical person installing a web
>> application. A .tar.gz may already be too difficult, they want to be able
>> to ftp their files to their provider and it should work. Also, this
>
> Such people should stay being users and not try to become
> administrators, really.
This is put a bit too simple. I consider people that maintain a website to
be users, not administrators. Such a person should be able to add a web
forum or blogging tool to their site. And as it turns out, this is quite
well possible in practice. I see no sense in requiring someone to have
shell access to a webserver to upload content onto it, whether it's static
or dynamic content.
Your viewpoint requires shell access for webmasters and that creates extra
dependencies many of the more affordable webhosts do not offer. As many
good PHP applications show, it's perfectly well possible to meet the
upload-only requirement in a sane manner.
There are always applications that are dangerous to install, but they
would of course not adhere to good design practice in the first place.
Thijs
Reply to: