
> so how do they end up getting exposed?

the author cites "allowing developers to connect to the host with the www-data user", and this is a very specific form of incompetence.

www-data is the name commonly used by debian and debian-based distros to run apache and other http servers. it's literally just designed to run the executable, not to upload new versions of webpages or anything.

there are countless ways to avoid this pitfall, the simplest that comes to my mind is creating another user for uploading stuff and adding such user to the www-data group.

at the end of the day... meh. people might start a campaign about how not to use the www-data or something else, but not-very-techy people will find another way to misuse a webserver.
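Added example, not part of the comment above: a small Python audit that reads `/etc/passwd` and `/etc/group` style data and reports whether the web service account can be used for interactive logins, and which separate users sit in its group. The sample records, the `deploy` user and the function names are constructed for illustration.

```python
"""Audit passwd/group data for a web service account used as a login."""

# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/bash
deploy:x:1001:1001:site uploads:/home/deploy:/bin/bash
"""
SAMPLE_GROUP = """\
www-data:x:33:deploy
deploy:x:1001:
"""

# Shells that refuse interactive logins.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}


def parse_colon_file(text, width):
    """Split passwd/group style text into records; skip blanks, comments, malformed lines."""
    rows = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.strip() and not line.startswith("#") and len(fields) == width:
            rows.append(fields)
    return rows


def audit_service_account(passwd_text, group_text, account="www-data"):
    """Return (findings, group_members) for the given service account."""
    findings, members = [], []
    users = parse_colon_file(passwd_text, 7)
    entry = next((u for u in users if u[0] == account), None)
    if entry is None:
        return [f"{account}: no such account"], members
    if entry[6] not in NOLOGIN_SHELLS:
        findings.append(f"{account}: login shell {entry[6]} allows interactive sessions")
    # A second name on the same UID is the same identity as far as file ownership goes.
    for u in users:
        if u[0] != account and u[2] == entry[2]:
            findings.append(f"{u[0]}: shares UID {entry[2]} with {account}")
    for g in parse_colon_file(group_text, 4):
        if g[0] == account and g[3]:
            members = [m for m in g[3].split(",") if m]
    return findings, members


if __name__ == "__main__":
    found, group_members = audit_service_account(SAMPLE_PASSWD, SAMPLE_GROUP)
    print("\n".join(found) or "no findings")
    print("members of www-data group:", ", ".join(group_members) or "(none)")
```

To run it against a real host, pass the contents of `/etc/passwd` and `/etc/group` in place of the constructed samples.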



