SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Zealot Teraflops's Avatar
    Join Date
    Apr 2002
    Location
    NYC
    Posts
    114
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Security Issue - need to be clarify

    Hello all

    I am currently creating a website that will be utilizing PHP, especially the administrator control panel. The administrator will be able to upload new files and to the server through these PHP scripts into designated folders. A concern came about to me the other day that got me confuse. The PHP pages will be either protect by another login script with cookie information or by .htaccess. But what will protect the folders that will contain files the admin uploaded for the general public to view. For example the site contains a picture gallery that is open to the public to see. The admin uploaded the file into the folder, where that folder was probably set to CHMOD 777. By having this folder set to write, does this allow other visitors to place files in there. I hope I explain this clearly. Please respond very confuse person here
    OneX Square Creation
    One man said Why ? ... Another man said Why not ?

  2. #2
    You talkin to me? Anarchos's Avatar
    Join Date
    Oct 2000
    Location
    Austin, TX
    Posts
    1,438
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It doesn't allow visitors to put files in the folder, but it does allow other users on the server to put files in that folder, or delete files that have been uploaded. If possible you should change the group of the folder to www (chgrp) and chmod it as 775.
    ck :: bringing chris to the masses.

  3. #3
    SitePoint Zealot Teraflops's Avatar
    Join Date
    Apr 2002
    Location
    NYC
    Posts
    114
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Anarchos
    but it does allow other users on the server to put files in that folder, or delete files that have been uploaded.
    Other users on the server...not vistors...like another person who ahve there website on that server?

    Do you by any chance have or know (even a thread) a place where i can get a complete layout of all the "Chmod" commands and what they do ?
    OneX Square Creation
    One man said Why ? ... Another man said Why not ?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •