On Wed, 2003-01-08 at 06:50, Jeffrey_N_Dyke@Keane.com wrote: > > i know this is a bit down the chain, but i'm trying to keep the message > strings in tact.... > > but can't you set up your directory just like you set up your mysql Grants. > I have a directory that the web user owns, who is in its own group. so i > set the permisssions once, and its done. Also i don't store the folder > structure, i have a variable named for that folder structure then if the > folders move or you need to move your webservers, the path will dynamically > update, regardless of location. Here's the problem. You have two choices for permissions with uploads: 1. You can make the upload directory world-writable. This is a major security risk, as any other user on the system can write to it as well. 2. You can make the upload directory owned by the apache user (or whatever user your web-server runs as). This is a problem because you have to be root in order to make the change. Many users don't have this option. Uploading the file to a DB solves both of these problems. It presents its own problems too, though. Downloads of the binary data are slow. And it's difficult to get a user's browser to cache the dynamic pages. For example: Mozilla will cache a URL that looks like this: http://example.com/image.jpg, but it has trouble caching a URL like this: http://example.com/image.php?id=3. Does anyone know the right headers to send to get browsers to cache these dynamic image pages as if they were static images? --Dave -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
