Hi, I've written a web based file manager using PHP and running on an apache 2 server. Before putting it on a live webserver i'd like to get some security suggestions. Desired Goals: 1. Read, write text files from a web browser. 2. Files should be owned by me so as not to be readable\writable to other webserver users or their scripts. Will running in safe mode allow my file manager to read\write files as "me" and not as "apache" or the UID of apache? If i keep my data directory outside of apache's document root, will this prevent remote viewing of it? If i keep my PHP scripts out of document root, will they be hidden from remote viewers? My likely webtree directory strutcure is this: Document Root: /var/www/html/myWebsite PHP Scripts: /var/www/php/myWebsite My data the file manager will access: /var/www/data/myWebsite All three directories will be owned by my user id. Apache will be configured to run scripts from the scripts dir. The data dir will be opened with open_baseDir. I will set up .htaccess on the data directory. Combine this with safe mode, and will i have the desired effect? Thanks, -brett -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
