  1. #1
    Backend Security

    This may be an easy question for someone...

    I like making simple CMS "backend" sections of websites for clients where they can edit certain parts of the site via a textarea. When the textarea form is submitted, a file is overwritten in a directory. Then that file is included via PHP into the page.

    The problem is that in order to use this system, the included pieces have to be CHMOD-ed to 777 so that they can be read and written to via the textarea.

    That poses a tremendous security problem since at 777 anyone can edit the files. The actual "backend" is password protected.

    Any suggestions? Am I going about this all the wrong way?

    THANKS!

  2. #2
    php_daemon
    Keep the files outside the web server root (public_html in Apache). Also, you can set the file owner to the user PHP is running under and set the permissions to 755.
    Saul
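
The three points in the reply above (files outside the web root, owned by the PHP user, 755 rather than 777) can be checked with a short audit script. This is an added example, not part of the original thread; the function names and the three arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed arguments, in order:
#   content dir with the editable fragments, document root, PHP user or uid.

# Succeeds only if DIR resolves to a path that is not inside DOCROOT.
outside_docroot() {
    dir=$(cd "$1" >/dev/null && pwd -P) || return 2
    root=$(cd "$2" >/dev/null && pwd -P) || return 2
    case "$dir/" in
        "${root%/}"/*) return 1 ;;
    esac
    return 0
}

# Entries any local user can write to (the "other" write bit left by 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Entries not owned by the PHP user; at 755 only the owner can write,
# so PHP could not save them.
wrong_owner() {
    find "$1" \( -type f -o -type d \) ! -user "$2" -print
}

# Reset world-writable entries to 755, the mode suggested in the reply.
tighten() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod 755 {} +
}

# Print one line per finding; return 0 only when nothing is found.
audit_content_dir() {
    report=$(
        outside_docroot "$1" "$2" || echo "INSIDE-DOCROOT $1"
        world_writable "$1" | sed 's/^/WORLD-WRITABLE /'
        wrong_owner "$1" "$3" | sed 's/^/WRONG-OWNER /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run as: sh audit.sh CONTENT_DIR DOCROOT PHP_USER
if [ "$#" -eq 3 ]; then audit_content_dir "$@"; fi
```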

