I've noticed that when you set up file uploads in Drupal, the default directory permissions don't allow you to FTP files to the upload directory.
Can anyone point to or offer an explanation for why that's true? My vague recollection (though I can't lay my hands on anything that verifies this) is that having permissions set in such a way that FTP would work opened up a security hole. Is that true?
Does anyone know of any ways to work around that?
This is related to another question I've just posted, about uploading large files via Drupal:
http://drupal.org/node/308776
If I could be confident that I could safely configure FTP for upload to the same directory as HTTP uploads, I wouldn't feel as strong a need to find a large-file upload mechanism that would work from within Drupal.
