PHP: Where to Securely Save Cookies

Walter, I received a reply from SL. To summarize what I was told…

[code]
It’s possible to set up Apache to run separate processes under
different user IDs to enhance security, but our servers are not
configured in that manner now because doing so adds a level of
complexity and possible performance problems in a shared
environment. We are using a standard Unix permissions scheme to
protect user content. It offers some protection, but a crafty
user could probably find ways around it. We therefore recommend
that customers requiring enhanced security not use a shared
environment and instead go with a cloud or dedicated server to
ensure that they will be the only user on that system. But a new
folder created in /tmp/ with a long obfuscated name and 777
permissions might be reasonably secure against folder name guessing.

[/code]

Which means that any cookies or headers I save in home/XXX/tmp/ would be invisible to other SL users if they access their webspace via an FTP client; however, if they used PHP or other means, it is possible they could guess the names of hidden folders or files to access such content. But since no plain text passwords are saved in the cookie or header files that would be temporarily saved, this should not be a major issue, I wouldn’t think. Would you agree?
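
An added example, not part of the original post or of SL's reply: PHP code that creates the cookie folder discussed above with a CSPRNG-generated name and owner-only mode bits, then reports what the mode bits allow, first as created and then with the 777 permissions from the quoted reply. The function names and the base directory are assumptions; on a host where every PHP script runs under one user ID, as SL describes, the mode bits do not separate one customer's scripts from another's, so only the unguessable name does.

```php
<?php
// Added example. $base is an assumed per-account directory outside the web root.

// Create a directory with an unguessable name and owner-only mode bits.
function make_private_dir(string $base): string
{
    // 128 bits from the CSPRNG, not derived from time, PID or user input.
    $dir = rtrim($base, '/') . '/' . bin2hex(random_bytes(16));
    $old = umask(0077);          // strip group/other bits at creation time
    $ok  = mkdir($dir, 0700);    // returns false if the path already exists
    umask($old);
    if (!$ok) {
        throw new RuntimeException("cannot create $dir");
    }
    return $dir;
}

// List what the permission bits allow beyond the owner (empty = nothing).
function audit_mode(string $path): array
{
    clearstatcache(true, $path);
    $mode = fileperms($path) & 0777;
    $found = [];
    if ($mode & 0070) { $found[] = 'group-accessible'; }
    if ($mode & 0004) { $found[] = 'world-readable'; }
    if ($mode & 0002) { $found[] = 'world-writable'; }
    if ($mode & 0001) { $found[] = 'world-searchable/executable'; }
    return $found;
}

function report(string $path): void
{
    printf("%s %04o %s\n", $path, fileperms($path) & 0777, implode(', ', audit_mode($path)) ?: 'owner only');
}

$dir = make_private_dir(sys_get_temp_dir());  // stand-in for home/XXX/tmp/
$jar = $dir . '/cookies.txt';
$old = umask(0077);
touch($jar);                                   // created as 0600
umask($old);
// Remove the jar and its directory when the script ends.
register_shutdown_function(function () use ($jar, $dir) { @unlink($jar); @rmdir($dir); });

report($dir);
report($jar);
chmod($dir, 0777);   // the 777 layout from the quoted reply, for comparison
report($dir);
```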

