Posted by Curt Zirzow on 10/04/38 11:05
* Thus wrote SED:
> Hi,
>
> Sometimes when I write a PHP-script and upload it to an ISP through password
> protected FTP, the only way to write data to a folder is to run chmod 777
> for that folder, I want to write (or save) data to (e.g. file-upload,
> flat-file-database). However, if I do so, I have been told, everyone can
> write data to that file, which is a security risk. Is that true?

Yes, chmod'ing a directory to 777 is not the wisest thing to do.

If security is a major concern you can lock down the directory you
wish to have your files stored in on a shared server with some
context like:

Assuming you have your files stored in:

    /www/domain.com/htaccess ; the docroot
    /www/domain.com/special ; locked down files
    /www/domain.com/ ; your ftp root

Via ftp make a directory:

    /www/domain.com/special/store/
    chmod 777 /special/store

Then make a php script that does something like:

    mkdir('/www/domain.com/special/store/files/');
    chmod('/www/domain.com/special/store/files', 0700);

Execute the script with the browser.

Now back in ftp:

    chmod 755 /special/store

And voilà.. your /www/domain.com/special/store/files is secure as
long as open_basedir is in effect.

HTH,
Curt
--
Quoth the Raven, "Nevermore."
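
An added example, not part of the message above: a fuller version of the PHP step that creates the directory and then checks the conditions the reply depends on (mode 0700, ownership by the user PHP runs as, a parent that is no longer world-writable, and open_basedir being set). The paths are the ones from the message; the function name audit_private_dir is made up for this sketch.

```php
<?php
// Added example. Paths are the ones used in the post above.
$parent = '/www/domain.com/special/store';
$target = $parent . '/files';

// Return a list of problems; an empty list means $dir is private to the
// user PHP runs as and $parent is no longer world-writable.
function audit_private_dir(string $parent, string $dir): array
{
    clearstatcache();
    if (!is_dir($dir)) {
        return ["$dir does not exist or is not a directory"];
    }
    $problems = [];
    $mode = fileperms($dir) & 07777;
    if ($mode & 0077) {
        $problems[] = sprintf('%s is mode %04o; group/other bits are set', $dir, $mode);
    }
    // posix_geteuid() needs the posix extension, so the check is optional.
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        $problems[] = "$dir is not owned by the user PHP runs as";
    }
    if (fileperms($parent) & 0002) {
        $problems[] = "$parent is still world-writable; chmod it to 755 over FTP";
    }
    if (!ini_get('open_basedir')) {
        $problems[] = 'open_basedir is not set for this site';
    }
    return $problems;
}

if (!is_dir($target)) {
    $old = umask(0077);               // no group/other bits, even briefly
    $created = mkdir($target, 0700);
    umask($old);
    if (!$created) {
        exit("mkdir failed: is $parent writable by the web server user?\n");
    }
}
chmod($target, 0700);                 // enforce the mode on an existing directory too

header('Content-Type: text/plain');
$problems = audit_private_dir($parent, $target);
echo $problems ? implode("\n", $problems) . "\n" : "$target is locked down\n";
```

On the first run the parent is still 777, so that warning is expected; load the script again after the final chmod 755 to confirm the list is empty, then delete the script from the server.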