Re: Security - chmod 777 - PHP upload/write


 



* Thus wrote SED:
> Hi,
> 
> Sometimes when I write a PHP-script and upload it to an ISP through password
> protected FTP, the only way to write data to a folder is to run chmod 777
> for that folder, I want to write (or save) data to (e.g. file-upload,
> flat-file-database). However, if I do so, I have been told, everyone can
> write data to that file, which is a security risk. Is that true?

Yes, chmod'ing a directory to 777 is not the wisest thing to do.

If security is a major concern you can lock down the directory you
wish to have your files stored in on a shared server with some
context like:

Assuming you have your files stored in:

/www/domain.com/htaccess  ; the docroot
/www/domain.com/special   ; locked down files 
/www/domain.com/          ; your ftp root

via ftp make a directory:
  /www/domain.com/special/store/

  chmod 777 /special/store 

Then make a php script that does something like:

  <?php
  // Runs as the web server user, so that user owns the new directory.
  mkdir('/www/domain.com/special/store/files/');
  chmod('/www/domain.com/special/store/files', 0700);

execute the script with the browser.


Now back in ftp:
  chmod 755 /special/store


And voilà.. your /www/domain.com/special/store/files is secure as
long as open_basedir is in effect.


HTH,


Curt
-- 
Quoth the Raven, "Nevermore."

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
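
Added example (not part of the original post or the list archive): a PHP check for the end state of the procedure in the reply above, meant to be run through the browser like the creation script. It assumes a POSIX host; audit_store() is a hypothetical helper name, and the temporary paths are constructed stand-ins for /www/domain.com/special/store/files.

```php
<?php
// Added example, not from the original post. audit_store() is a hypothetical helper.
function audit_store(string $dir): array
{
    clearstatcache();
    if (!is_dir($dir)) {
        return ["$dir is missing or not a directory"];
    }
    $problems = [];
    $mode = fileperms($dir) & 0777;
    if ($mode !== 0700) {
        $problems[] = sprintf('%s has mode %04o, expected 0700', $dir, $mode);
    }
    // 0700 only helps if the directory belongs to the user PHP runs as.
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        $problems[] = "$dir is not owned by the user running PHP";
    }
    // The parent should have been put back to 755 after the script ran.
    $parent = dirname($dir);
    $pmode = fileperms($parent) & 0777;
    if ($pmode & 0002) {
        $problems[] = sprintf('%s is still world-writable (%04o)', $parent, $pmode);
    }
    // The post's guarantee holds only while open_basedir is in effect.
    if ((string) ini_get('open_basedir') === '') {
        $problems[] = 'open_basedir is not set';
    }
    return $problems;
}

// Constructed stand-in for /www/domain.com/special/store (assumption: POSIX host).
$store = sys_get_temp_dir() . '/store_' . getmypid();
mkdir($store);
chmod($store, 0777);                    // step 1: done via ftp in the post
mkdir("$store/files");
chmod("$store/files", 0700);            // step 2: the PHP script from the post
print_r(audit_store("$store/files"));   // audit while the parent is still 777
chmod($store, 0755);                    // step 3: back in ftp
print_r(audit_store("$store/files"));   // audit again with the parent restored
rmdir("$store/files");
rmdir($store);
```

On a real host, call audit_store() with the actual directory path instead of the temporary one and drop the setup and cleanup lines.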

