You are here: apache2/php file manager: security suggestions « PHP « IT news, forums, messages
apache2/php file manager: security suggestions

Posted by Brett on 05/10/05 19:14

Hi,

I've written a web based file manager using PHP and running on
an apache 2 server. Before putting it on a live webserver i'd like to get
some security suggestions.

Desired Goals:

1. Read, write text files from a web browser.
2. Files should be owned by me so as not to be readable\writable to other
webserver users or their scripts.

Will running in safe mode allow my file manager to read\write files as
"me" and not as "apache" or the UID of apache?

If i keep my data directory outside of apache's document root, will this
prevent remote viewing of it?

If i keep my PHP scripts out of document root, will they be hidden from
remote viewers?

My likely webtree directory strutcure is this:


Document Root:

/var/www/html/myWebsite

PHP Scripts:

/var/www/php/myWebsite

My data the file manager will access:

/var/www/data/myWebsite

All three directories will be owned by my user id. Apache will be
configured to run scripts from the scripts dir. The data dir will be
opened with open_baseDir. I will set up .htaccess on the data directory.

Combine this with safe mode, and will i have the desired effect?

Thanks,
-brett

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация