I got an homepage, on a webhotel where I cannot do any chmod(cheap server).
I am working on creating log files, and a system to automaticaly control it. Like create new log files if old is too big, delete old files if folder is to big, open last used, or create new if old is to big. Just so I can go on vacation and don't worry about log file maintenance. Thats done.
The homepage is made with ZF, and I have managed to find a way to display the content from log file.
Hopefully the apache is running in a separate user with priveliges to create, read, write, delete - and the visitors do not get to create, write, delete, but im not sure how to check for that (i have no access to config).
I was thinking of logging to an .php file. Then I could add some code in the beginning to check for something like ????? and in that way not show the content of the log file. Maybe some kind of define, and die if not set? Then my homepage could set it and show it.
Next concern is log file poisoning... not sure how to avoid that in an practical way. Maybe open the file with fopen, skip some tekst to get past the check, and escape the rest...?