* Thus wrote SED:
> Hi,
>
> Sometimes when I write a PHP-script and upload it to a ISP through password
> protected FTP, the only way to write data to a folder is to run chmod 777
> for that folder, I want to write (or save) a data to (e.g. file-upload,
> flat-file-database). However, if I do so, I have been told, everyone can
> write data to that file, which is a security risk. Is that true?
yes, chmod'ing a directory to 777 is not the wisest thing to do.
If security is a major concern you can lock down you directory you
wish to have your files stored in on a shared server with some
context like:
Assuming you have your files stored in:
/www/domain.com/htaccess ; the docroot
/www/domain.com/special ; locked down files
/www/domain.com/ ; your ftp root
via ftp make a directory:
/www/domain.com/special/store/
chmod 777 /special/store
Then make a php script that does something like:
mkdir('/www/domain.com/special/store/files/');
chmod('/www/domain.com/special/store/files', 0700);
execute the script with the browser.
Now back in ftp:
chmod 755 /special/store
And wala.. your /www/domain.com/special/store/files is secure as
long as open_basedir is in effect.
HTH,
Curt
--
Quoth the Raven, "Nevermore."
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
