Posted by Jerry Stuckle on 09/14/07 12:06

Adam Baker wrote:
> Hello,
> I'm writing a site where a handful of people will be able to edit
> the content using PHP scripts (FCKeditor). The content is stored as
> individual files in a directory. I'd like to validate the "editors"
> using PHP, cookies, etc.
> The question is what file permissions I need to allow for the
> content to be writable by my PHP script. Do I really need to give
> write permissions to the "other" group. Are all wikis really that
> vulnerable? (yes, I know that's the point, but for restricted wikis,
> for instance...)
>
> Thanks,
> Adam
>

The only one doing the writing will be the Apache user itself. The
system doesn't know or care who is using the editor - that's completely
between Apache and the user.

And beware that unless you implement your own security, any of those
people will be able to edit any of the files.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Re: Write a file to disk with PHP
• Prev in forum: Re: PHP5/ Apache strange install problem
• Thread view: Re: File permissions for a wiki-like site

[Reply to this message]