|
|
Posted by Adam Baker on 09/18/07 15:42
On Sep 14, 5:06 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> Adam Baker wrote:
> > Hello,
> > I'm writing a site where a handful of people will be able to edit
> > the content using PHP scripts (FCKeditor). The content is stored as
> > individual files in a directory. I'd like to validate the "editors"
> > using PHP, cookies, etc.
> > The question is what file permissions I need to allow for the
> > content to be writable by my PHP script. Do I really need to give
> > write permissions to the "other" group. Are all wikis really that
> > vulnerable? (yes, I know that's the point, but for restricted wikis,
> > for instance...)
>
> > Thanks,
> > Adam
>
> The only one doing the writing will be the Apache user itself. The
> system doesn't know or care who is using the editor - that's completely
> between Apache and the user.
>
> And beware that unless you implement your own security, any of those
> people will be able to edit any of the files.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================
Thanks for your reply. I am quite ignorant here, so I will see whether
I can even ask a coherent follow-up. So the PHP script is run by the
Apache user. Is that the user that owns Apache, or a special username?
It would seem, then, that I would want to give rwx permissions for the
content files to that user alone (and myself), not do a chmod 777. Is
that right?
Thanks,
Adam
Navigation:
[Reply to this message]
|