- bug report? no
- feature request? yes
- version: dev-master
Description
Nette Framework priority is to be secure by default. FileSystem::write() creates files that are rw for everyone. That is not secure by default. It allows everyone on the server to read and write to created file.
Imagine situation where that server is shared... (my case) Everyone who has access to server for whatever reason (e.g. to read logs) has rw access to files that has been created or modified by FileSystem::write().
Why not leave $mode to NULL and keep responsibility of setting proper permissions on system admin that configured that server? Setting chmod(0666) takes over the power of ACLs from system admin hands. He can't do anything about that then.
Description
Nette Framework priority is to be secure by default.
FileSystem::write()creates files that arerwfor everyone. That is not secure by default. It allows everyone on the server to read and write to created file.Imagine situation where that server is shared... (my case) Everyone who has access to server for whatever reason (e.g. to read logs) has rw access to files that has been created or modified by
FileSystem::write().Why not leave
$modeto NULL and keep responsibility of setting proper permissions on system admin that configured that server? Settingchmod(0666)takes over the power of ACLs from system admin hands. He can't do anything about that then.