Hi
I'm wondering the following scenario:
If I give somebody an FTP access to /plugin dir, is that a security risk? Can that person run a php script that can possibly download some "secret" files within /wp-admin/ folder? Or in any other folder other than /plugins for that matter?
Would that be same if I give FTP access to /themes dir?
Yes. They can upload a file that runs php and connects to the database and drops all the tables.
So.... bad idea.
hahaha.. it looks very dumb question for a guy who worked on WPMU for a very long time. I guess I needed that hammer on my head ;)
Thanks Andrea.
That being said, I have given a *trusted* user specific access to their uploads folder. She needed to upload very large files, and it was easier all around that way, and more efficient.
:D