|
Posted by dredge on 05/25/07 16:51
Hi, the PHP manual says that there are three separate sets of users
that the chmod funtion recognizes: the owner of the file, the group
that the owner is in, and everyone else. How does the server keep
track of who created the file? I don't see how this could be managed
with cookies or by tracking ip addresses.
Also, how do I create user groups for chmod to recognize?
The project I am working on involves users uploading files to a single
directory on the server. The MySQL database keeps track of who
created which file (based on the file's name and the user's username)
and only allows the users to view files they created. My problem is
that my php script only lists the user's files, but when they are
viewing a file, the user may easily change the url to the name of a
file they are not authorized to view, and then successfully view it.
I have no idea how to secure this system, other than using the chmod
function.
-Karl
[Back to original message]
|