chnax
November 18, 2011, 10:57am
1
The CAssetManager improvements introduces in
svn revision 3444 "Better performance for CAssetManager when forceCopy is used"
now need the webserver process to have write permission in the asset source directories.
>> touch($src,$maxmtime);
I think this is a security issue, I would like to restrict write permissions to as few places as possible.
Hopefully this work-in-progress is this going to change again?
[ Sorry, not sure, if this should open a bug-ticket, as this is trunk version … and don’t have gmail yet … ]
mdomba
November 18, 2011, 11:44am
2
I’m not sure what you mean exactly but the webserver should have a write permission to the assets folder in any case… because the “assets” files are copied there in the first place
why would that be a security issue?
Ben
November 19, 2011, 4:17am
3
CAssetManager:234-239, looks like the source files/ folders that are to be published will be touched by this code.
samdark
November 20, 2011, 8:44pm
4
Removed that part for now.
