Reply to Re: Flat file security

Your name:

Reply:


Posted by Peter van Schie on 10/03/05 12:08

raykyoto@gmail.com wrote:

> I can do #1 and I was wondering if that is sufficient. As the non-root
> user, I guess I cannot do #2... Can I also move the php scripts that
> write the flat files outside my web directory? Or is that not
> necessary?

My pick would also be option #1. Moving the php scripts outside the
webdirectory is not only not necessary, but also impossible if you still
want to execute them from the web.

> 1) directory of the php scripts that writes the flat files
> -rwx---r-x
>
> 2) the php scripts that writes the flat files
> -rwx---r-x
>
> 3) the directory of the flat files
> -rwx---rwx
>
> 4) the flat files themselves
> -rwx---rw-
>
> Is this possible? Can I do better?

I'm not sure why you leave all the group permissions empty and why other
(world) do get permissions. If the webserver user is the owner of the
flat files directory, you can change that to -rwx------
Same goes for the flat files themselves.

> I'm also new to php... I've hard-coded the paths to the flat files
> inside my php files, as one must, I guess. Is there a way for people
> to see the source of the php files so that they can extract the hard
> coded paths?

No, not as long as PHP works on the webserver, because the script gets
interpreted by the webserver and only the output of the scripts is being
sent to the client (webbrowser).

--
http://www.phpforums.nl

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация