Closed Jimbolino closed 7 years ago
chmod 777 is a security risk. It would enable anybody having access to the server (including another already compromised website on the same server) to overwrite the cache and potentially redirect the user toward compromised repositories.
If your setup requires that, it is a security issue on your server.
What would be an acceptable way to make the cache folder writable then?
The best way would be to have something similar to what Symfony requires for var: http://symfony.com/doc/current/setup/file_permissions.html
In any case, I think anything that is security related should default to something secure or (if that's impossible) something that just shouldn't work out of the box, so it forces the responsibility of securing the setup onto the user/sysadmin.
That said, that would indeed require the cache folder to be included in the repo. (So I'll merge #22.)
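One way to get a writable cache folder without chmod 777, as an added example that is not from this thread or the project: audit the tree for world-writable entries, then limit write access to the owner and one group. The directory path and the group (for example the web server's group) are assumptions supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example: audit and tighten a cache directory instead of chmod 777.
# The directory and group arguments are assumptions; use your own values.

# Print every entry under $1 that any local account could write to.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Succeed only when nothing under $1 is world-writable.
cache_is_safe() {
    [ -z "$(world_writable "$1")" ]
}

# Give the owner and one group ($2) write access and nobody else.
# The setgid bit on directories makes new cache files inherit the group,
# so the deploy user and the web server can both write through that group.
restrict_cache() {
    mkdir -p "$1" || return 1
    chgrp -R "$2" "$1" || return 1
    find "$1" -type d -exec chmod 2770 {} + || return 1
    find "$1" -type f -exec chmod 0660 {} + || return 1
}

# Usage: script.sh <cache-dir> <group>
# Tightens the directory, then reports whether the audit now passes.
if [ "$#" -eq 2 ]; then
    restrict_cache "$1" "$2" || exit 1
    if cache_is_safe "$1"; then
        echo "ok: no world-writable entries under $1"
    else
        echo "still world-writable:" >&2
        world_writable "$1" >&2
        exit 1
    fi
fi
```

The process that writes the cache should also run with a umask such as 007, otherwise files it creates later can end up readable by other accounts on the server.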
Why not let composer do it automatically?