Daniel F. Kudwien wrote:
>> Um, perhaps you all have not seen previous threads about the hazards of allowing executable code in a writeable directory?
>> -Peter
>
> By referring to those 'obvious' discussions without any link or quote, I'm feeling quite stupid now. I've searched drupal.org, the development list archives and Google for the terms executable, code, writeable, directory(, drupal). Guess what? I did not find any thread containing useful, deep-insight information about why other systems like JOS/MOS are (more or less) successfully using writable directories for their modules [components] for quite some time now and Drupal is not.
Successful? My ass. Some stupid script kiddie managed to hack "my" server because I let a friend run Joomla there and one of its components allowed remote file uploads. Luckily, the uploaded PHP script didn't work and my server did not become a spam-sending zombie and I did not have to spend weeks to get it out of blacklists again. Sadly, I still had to spend a night to cleanly set up the machine again.
> Could someone please direct me/us to some enlightening issues and/or threads? That would be greatly appreciated.
Isn't the fact that it has bit me once good enough? :p

Cheers,
Gerhard