Reply to Re: Flat file security

Posted by Ray on 10/03/05 14:02

Peter van Schie wrote:
> raykyoto@gmail.com wrote:
> > I can do #1 and I was wondering if that is sufficient. As the non-root
> > user, I guess I cannot do #2... Can I also move the php scripts that
> My pick would also be option #1. Moving the php scripts outside the
> web directory is not only not necessary, but also impossible if you still
> want to execute them from the web.

Ah, I see. I didn't know it would not be possible to run php scripts
if they are outside the web directory. Thanks!

> > 1) directory of the php scripts that write the flat files
> > -rwx---r-x
> >
> > 2) the php scripts that write the flat files
> > -rwx---r-x
> >
> > 3) the directory of the flat files
> > -rwx---rwx
> >
> > 4) the flat files themselves
> > -rwx---rw-
> I'm not sure why you leave all the group permissions empty and why other
> (world) do get permissions. If the webserver user is the owner of the
> flat files directory, you can change that to -rwx------
> Same goes for the flat files themselves.

Hmmm...I noticed the files are made by the user www-data. I guess I
didn't know what privileges it had. I enabled the world permissions
for the directories and files for it...

I also tried chown'ing the file so that www-data owns it. I also tried
to create a group so that only I and www-data are in it. Neither seems
to work as I'm not the root user.

But, say I could make files owned by www-data and give it -rwx------.
How could I read them?

> No, not as long as PHP works on the webserver, because the script gets
> interpreted by the webserver and only the output of the scripts is being
> sent to the client (web browser).

Since php is server-side code, this is what I thought; but I also was
worried that there is some way to get around it. Thanks for confirming
to me that there isn't.

Ray
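
Added example, not part of the original thread: a shell check for the "other" (world) permission bits discussed above, run against a constructed directory that mirrors the 707/706 modes from the post, then tightened to owner-only as suggested in the reply. The function names, the `data` directory and `entries.txt` are made up for illustration, and tightening only helps when the web server user owns the files.

```shell
#!/bin/sh
# Added example: audit a flat-file data directory for permission bits
# granted to "other" (world). All names here are illustrative.

# Print every path under $1 (including $1 itself) that grants any
# read, write or execute bit to "other". Prints nothing when clean.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of offending paths under $1.
world_accessible_count() {
    world_accessible "$1" | wc -l | tr -d ' '
}

# Remove all group and other bits; owner bits are left untouched.
# Assumption from the thread: the web server user owns the files,
# otherwise it loses access after this.
tighten() {
    chmod -R go-rwx "$1"
}

# Constructed demo tree with the modes quoted in the post.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/data"
    : > "$d/data/entries.txt"
    chmod 706 "$d/data/entries.txt"   # -rwx---rw-
    chmod 707 "$d/data"               # drwx---rwx
    before=$(world_accessible_count "$d/data")
    tighten "$d/data"
    after=$(world_accessible_count "$d/data")
    echo "$before $after"             # offending paths before and after
    rm -rf "$d"
}

demo
```

Running `world_accessible` on the real flat-file directory lists exactly the paths that any local account on the host can reach.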
