20
The problem to solve is this:
How can we have the webserver write to the templates_c directory without letting everyone else who have sites running on this shared webserver write to it?
Often, when running Apache, the webserver runs as the user "nobody" - for all the websites on the server. However, you upload files through an FTP user with a different username. Therefore you need to set the permissions for the templates_c folder to world writeable, so the "nobody" user can write to it. However, this means that since "nobody" is also running the other x websites on the same server, their scripts can also write to your templates_c folder.
What can you do about it? Not much.
What can the webserver host do about it? There are base_dir restrictions that can be applied, safe_mode settings can be configured - or the webserver can be configured to use PHPSuExec where each website is run as a separate user.
We would love to help out where we can, but this is mainly a server host configuration problem.
If the mentioned security measures bring problems with XOOPS, we will of course work on eliminating the problems, but securing an insecure host through PHP scripting is not all that easy.
"When you can flatten entire cities at a whim, a tendency towards quiet reflection and seeing-things-from-the-other-fellow's-point-of-view is seldom necessary."
Cusix Software