I don't exactly understand what the security risks are with file uploads. I'm making a PHP script where people will be able to upload a picture, and I know that the directory where I'm gonna store the files has to be writable by PHP (777 I guess). I understand all of that. And I know how to make sure that it's an actual file upload and all that stuff. No problem.
But what are the security risks (on a shared host) that are always mentioned, with the directory being writable by PHP? What can happen? Could someone on my host that knows my username like make a PHP script and go to my directory (like /home/username/public_html/pictures) and delete all the files or something, since their PHP script, I assume, is running as the same user as me?
I've never really seen a good explanation of the security risks of world-writable dirs. So if someone could explain what bad things could be done, how they could be done, and what, if anything, can be done to prevent them, I'd really appreciate it!
Thanks!








I don't like that at all if it's possible.


Does anyone have some JavaScript / PHP examples to test the file size before uploading? What upload script is best?