Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Folder Security

Status
Not open for further replies.
Slimsteve

Slimsteve

Technical User
Jun 10, 2003
67
GB
Hi

I am setting up an area on a website to allow users to upload files to the site, the upload is to be handled by a PHP script in a admin area of the site, which itself is behind a secure login area so can only be accessed by specified users.

When I uploaded files via the script and then try to CHMOD the folder to read only I get an error message about permissions etc.

So I created the folder using a PHP script and a MKDIR command which I assume creates the folder under the PHP userid (which is different to my normal user id). I then uploaded the files to the new directory and I can sucessfully CHMOD the folder and contents.

My questions are this:
1. When a folder is created by the PHP script using the MKDIR command how secure is it i.e. can it only be accessed by a PHP script to upload files???
2. Do I need to CHMOD the directory to 0644 or is it ok to leave it with the default settings when it is created by PHP?

As you can see I want to allow the site admins to upload and manage files, whilst also allowing normal site visitors to be able to read the files for viewing only but not able to upload or delete files from that directory.

Hope that makes sense, any advice or suggestions would be appreciated.

Slim
 
Sort by date Sort by votes
1. When a folder is created by the PHP script using the MKDIR command how secure is it i.e. can it only be accessed by a PHP script to upload files???
Not necessarily. It depends on the directory permissions.
2. Do I need to CHMOD the directory to 0644 or is it ok to leave it with the default settings when it is created by PHP?
It is recommended to have directory permissions to 0644 in which you are uploading files.If that are the default permissions after creating a direcotry its fine otherwise you can also do it programmatically (in your PHP script by using chmod command).

--------------------------------------------------------------------------
I never set a goal because u never know whats going to happen tommorow.
 
Upvote 0 Downvote
Thanks, that has helped me get a better understanding of how to handle the security on folders.

Slim
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

waubain
  • Locked
  • Question
Delete all of todays files in folder except for file dated closest to 12 noon
Replies
1
Views
173
waubain
waubain
coldbohemia
  • Locked
  • Question
network folder inaccessible from php is_dir function
Replies
2
Views
287
coldbohemia
coldbohemia
southbeach
  • Locked
  • Question
Use of classes and security issue 1
Replies
1
Views
129
vacunita
vacunita
southbeach
  • Locked
  • Question
Security Checklist for PHP application 1
Replies
5
Views
148
spamjim
spamjim
southbeach
  • Locked
  • Question
PHP / MySQL, Special characters, data integrity and security
Replies
1
Views
142
ChrisHirst
ChrisHirst

Part and Inventory Search

Sponsor

Back
Top