I am trying to understand folder permissions for Kirby.
As I understand it apache needs write permissions to, at least the following folders:
- /content + all contained files and folders
But I have been warned that, although many cms seem to need this, allowing apache to write anywhere in document root is a huge security risk.
For example, according to this (quite old) blog post:
The usual threat model is that someone manages to upload (for instance) a PHP script of their own making into the document root, and simply executes that by accessing it through a browser. Now someone is executing code on your machine.
Is this actually the case with Kirby , or are there any specific security measures that Kirby uses which solve this possible risk?