OK, seeing as tweets are getting lost I’ll drop in and give my two penn’orth.

The whole point of a CMS is to make things a great deal easier and making a web directory non-writable negates a lot of the capability of this. Those of us who’ve been around for a while are chronically aware of cross-site scripting (XSS), remote execution and other vulnerabilities that exist. We’re also aware that the only solution which allows people to still practically use a CMS for its intended purpose is to sanitise the life out of anything and everything which comes from an external source (and quite a few things from internal sources too). My paranoia level on this is such that even supposedly trusted sources such as Facebook RealTime Updates are put through this process as a concentrated enough attack could very well compromise the shared ‘secret’.
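As an added illustration of the "sanitise everything, even the supposedly trusted sources" approach described above (example code written for this page, not the author's own), the snippet below treats an incoming webhook the way the paragraph recommends: it first checks the HMAC that a shared secret produces over the raw body, using a constant-time comparison so the check itself does not leak the secret, and then HTML-escapes every string field before anything is rendered. The header name `X-Hub-Signature`, the `sha1=<hex>` format, the secret value and the sample payload are all assumptions constructed for the example.

```python
import hashlib
import hmac
import html
import json

# Constructed placeholder; a real deployment would load this from configuration.
APP_SECRET = b"constructed-example-secret"

def verify_signature(body: bytes, header: str, secret: bytes = APP_SECRET) -> bool:
    """Return True only if `header` is 'sha1=<hex>' and the hex is the
    HMAC-SHA1 of the raw request body under `secret` (assumed header format)."""
    if not header or not header.startswith("sha1="):
        return False
    expected = hmac.new(secret, body, hashlib.sha1).hexdigest()
    # compare_digest avoids timing differences that would leak the secret byte by byte.
    return hmac.compare_digest(header[len("sha1="):], expected)

def sanitise_entries(body: bytes) -> list:
    """Parse the JSON body and return only the fields we expect, with every
    string HTML-escaped so it is safe to embed in a page."""
    data = json.loads(body)
    cleaned = []
    for entry in data.get("entry", []):
        cleaned.append({
            "id": html.escape(str(entry.get("id", ""))),
            "title": html.escape(str(entry.get("title", ""))),
        })
    return cleaned

def handle_update(body: bytes, signature_header: str, secret: bytes = APP_SECRET):
    """Full pipeline: reject on bad signature, otherwise return escaped entries."""
    if not verify_signature(body, signature_header, secret):
        return None
    return sanitise_entries(body)

if __name__ == "__main__":
    # Constructed sample payload carrying an XSS attempt in a text field.
    sample = b'{"object":"page","entry":[{"id":"123","title":"<script>alert(1)</script>"}]}'
    good_sig = "sha1=" + hmac.new(APP_SECRET, sample, hashlib.sha1).hexdigest()
    print(handle_update(sample, good_sig))          # escaped entries
    print(handle_update(sample, "sha1=deadbeef"))   # None: signature mismatch
```

The point of the ordering is that the signature check decides whether the message is even looked at, while the escaping step assumes the check can be wrong (a leaked or brute-forced secret) and neutralises the content regardless.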

Despite this, I do not see a good reason why locking down the files’ ownership away from the webserver is either practical or desirable and unless you can come up with a very good explanation as to why many thousands of server administrators and developers, some with decades of experience, are wrong I’m not about to change my mind on this.

The reason for this can maybe be best expressed with the words of Jello Biafra:
“Windows covered with bars, security guards, is that a house or a prison, how you gonna get out?”

When I bring up the subject of whether a security measure is practical, I mean that the benefit a process provides should outweigh the inconvenience or loss of functionality and should not in itself present any great problem. If I stick 15 deadlocks on my front door and weld it shut, it’s going to be exceedingly secure, so secure in fact that it no longer qualifies as either an entrance or an exit and I may die of starvation before I can get it open again.

In the same way, locking down a server so the server itself cannot write to a directory may be useful if you have a sufficient level of technical expertise to use other secure methods of accessing the server, but you’re going to a degree of effort, with a requirement of skill, that CMSs are there to avoid, and negating the entire point of the CMS. You’re also locking out all non-technical users, and they’re who CMSs are written for.

There’s a long-standing principle which I first encountered in the writing of Arthur C. Clarke concerning space elevators. Space elevators are a fantastic idea because despite requiring engineering beyond what we can currently achieve, millions of tons of material and monumental effort to create, it is still considered that the effort saved in the long run will outweigh this colossal investment. High short-term investment for a long-term payoff. The same principle is evident in the modern CMS. The amount of effort required to make a CMS secure without locking the server down is more than outweighed by the amount of effort saved by not requiring every single user to possess specialist knowledge. To ignore this and require all users to use secure shell logins is to reject all progress made since the 1990s.