wemakecustom / gitlab-composer

Gitlab Composer repository

Cache folder should be writable #23

Closed Jimbolino closed 7 years ago

Jimbolino commented 7 years ago

Why not let composer do it automatically?

lemoinem commented 7 years ago

chmod 777 is a security risk. It would enable anybody having access to the server (including another already compromised website on the same server) to overwrite the cache and potentially redirect the user toward compromised repositories.

If your setup requires that, it is a security issue on your server.

Jimbolino commented 7 years ago

What would be an acceptable way to make the cache folder writable then?

lemoinem commented 7 years ago

The best way would be to have something similar to what Symfony requires for var:

http://symfony.com/doc/current/setup/file_permissions.html

In any case, I think anything that is security related should default to something secure or (if that's impossible) something that just shouldn't work out of the box, so it forces the responsibility of securing the setup onto the user/sysadmin.

This said, that would indeed require the cache folder to be included in the repo. (So I'll merge #22.)
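
One way to keep the cache folder writable without `chmod 777`, as an added example that is not part of the thread or the project's own code: audit the directory for world-writable entries, then grant write access to the owner and group only. The function names, the cache path and the `www-data` group are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten a cache directory instead of chmod 777.
# The directory path and the group name are assumptions; adjust them to
# your own deployment.

# Print every file or directory under $1 that is world-writable.
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Return 0 when nothing under $1 is world-writable, 1 when something is,
# 2 when $1 is not a directory.
cache_dir_is_safe() {
    [ -d "$1" ] || return 2
    [ -z "$(world_writable "$1")" ]
}

# Give owner and group read/write access and strip all access for "other".
# $2 (optional) is the group the web server runs as, e.g. www-data (assumed).
harden_cache_dir() {
    dir=$1
    group=${2:-}
    [ -d "$dir" ] || return 2
    if [ -n "$group" ]; then
        chgrp -R "$group" "$dir" || return 1
        # setgid on directories so new cache files inherit the group
        find "$dir" -type d -exec chmod g+s {} + || return 1
    fi
    # X adds the execute bit only on directories (and already-executable files)
    chmod -R u+rwX,g+rwX,o-rwx "$dir"
}
```

Run `harden_cache_dir cache www-data` as a user allowed to change the group, then use `cache_dir_is_safe cache` in a deployment check so a later `chmod 777` is caught.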