Thread: Backend Security
Feb 18, 2007, 09:36 #1
This may be an easy question for someone...
I like making simple CMS "backend" sections of websites for clients where they can edit certain parts of the site via a textarea. When the textarea form is submitted, a file is overwritten in a directory. Then that file is included via PHP into the page.
The problem is that in order to use this system, the included pieces have to be CHMOD-ed to 777 so that they can be read and written to via the textarea.
That poses a tremendous security problem since at 777 anyone can edit the files. The actual "backend" is password protected.
Any suggestions? Am I going about this all the wrong way?
Feb 18, 2007, 10:03 #2
Keep the files outside the web server root (public_html in Apache). Also, you can set the file owner to the user PHP is running under and set the permissions to 755.
Saul
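The two suggestions in the reply above can be checked and applied from a shell. This is an added example, not code from either poster; the directory layout and the `www-data` account in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example: audit a CMS snippet directory against the two suggestions in
# the reply. All paths and the account name in the usage lines are assumptions.

# is_outside_webroot CONTENT_DIR WEB_ROOT
# Returns 0 if CONTENT_DIR is not WEB_ROOT or below it, 1 if it is, 2 on error.
is_outside_webroot() {
    content=$(cd "$1" && pwd -P) || return 2   # resolve symlinks and ".."
    webroot=$(cd "$2" && pwd -P) || return 2
    case "$content/" in
        "$webroot"/*) return 1 ;;   # inside the web root: reachable by URL
        *)            return 0 ;;
    esac
}

# list_world_writable DIR: print entries any local user can modify (the 777 case).
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# list_wrong_owner DIR OWNER: print entries not owned by the account PHP runs as.
list_wrong_owner() {
    find "$1" ! -type l ! -user "$2" -print
}

# tighten DIR [OWNER]: apply the reply's settings. The chown step needs root,
# so it only runs when OWNER is given.
tighten() {
    dir=$1
    owner=${2:-}
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dir" || return 1
    fi
    find "$dir" ! -type l -exec chmod 755 {} +
}

# Usage (hypothetical layout, PHP assumed to run as www-data):
#   is_outside_webroot /home/site/cms_content /home/site/public_html || echo "move it"
#   list_world_writable /home/site/cms_content
#   tighten /home/site/cms_content www-data
```

Mode 755 leaves the owner as the only account with write permission, which is why the files need to be owned by the user PHP runs as.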