On Sat, 2013-10-19 at 18:57 -0400, Joey J wrote:
> Hello All,
>
> I just wanted to see the best way to securely accomplish this task.
> When we want to update a DB we upload to a writable directory instead of
> writing it directly to MySQL, I don't like having writable directories if
> possible.
> Is there a right or better way to accomplish this?
>
> Thanks!
>

There's nothing inherently wrong with having a directory writeable on your web server, but you should ensure it's running with the least privileges it requires to complete your task. So, make sure that the Apache user is also the owner of the directory, then you only need to give it 755 permissions (it's always unwise to use 777 on a production server).

Another thing you can do is to place the upload directory outside your web root so that it's not accessible via a browser.

I can see why you wouldn't want to import it directly into the database though. I recently had to "fix" a script of mine because someone thought it would be a good idea to change the order of a bunch of fields in a CSV, and added a new field in the middle rather than at the end. Having a script in between the CSV and the database can ensure some sort of data quality check is in place before importing bad data.

Thanks,
Ash
http://www.ashleysheridan.co.uk
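
An added illustration of the in-between check described in the reply above (not code from the thread): it matches CSV columns by header name, so a reordered file still imports correctly and a file with a field inserted in the middle is refused before anything reaches the database. The column names, value checks and sample uploads are assumptions made up for the example.

```python
import csv
import io

def _is_uint(v):
    return v.isascii() and v.isdigit()

# Hypothetical schema for this example: column name -> value check.
EXPECTED = {
    "id": _is_uint,
    "email": lambda v: v.count("@") == 1 and " " not in v,
    "qty": lambda v: _is_uint(v) and int(v) <= 1000,
}

class CsvRejected(Exception):
    """Raised when the uploaded file must not reach the database."""

def validate_csv(text):
    """Return rows as dicts keyed by column name, or raise CsvRejected."""
    reader = csv.DictReader(io.StringIO(text), restkey="_extra", restval=None)
    header = reader.fieldnames or []
    # Match columns by name, never by position: a reordered file still
    # imports correctly, and an added or missing column is refused.
    if len(set(header)) != len(header) or set(header) != set(EXPECTED):
        missing = sorted(set(EXPECTED) - set(header))
        extra = sorted(set(header) - set(EXPECTED))
        raise CsvRejected(f"header: missing={missing} unexpected={extra}")
    rows = []
    for row in reader:
        line = reader.line_num
        if "_extra" in row or None in row.values():
            raise CsvRejected(f"line {line}: wrong number of fields")
        clean = {name: row[name].strip() for name in EXPECTED}
        for name, ok in EXPECTED.items():
            if not ok(clean[name]):
                raise CsvRejected(f"line {line}: bad value for {name!r}")
        rows.append(clean)
    return rows

# Constructed sample uploads.
GOOD = "id,email,qty\n1,a@example.com,5\n"
REORDERED = "qty,id,email\n5,1,a@example.com\n"
INSERTED = "id,note,email,qty\n1,hi,a@example.com,5\n"

if __name__ == "__main__":
    for name, data in [("good", GOOD), ("reordered", REORDERED), ("inserted", INSERTED)]:
        try:
            print(name, validate_csv(data))
        except CsvRejected as exc:
            print(name, "rejected:", exc)
```

The returned rows are keyed by name, so the later database insert can bind them as parameters in a fixed column order regardless of how the file was laid out.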