Hi everybody,
I am quite new to security. I've programmed PHP for some time now but have never needed any really robust security for my projects. However, I've undertaken a rather large project and now need some fancy security features.
I want a PHP script that can create PHP files on my web server. The creating script should only be executed by site admins. The script will then build another script which can then be executed by anyone who browses the site. Basically its a script to make PHP webpages.
E.G
admin/newPage.php < this script will create the HTML and PHP needed for the new page and then save it to root of the website
page001.php < this is the new page created which will need to be executed by browsers of the site. The directory in which page001.php is located will need to restricted except for the site admins who can exicute admin/newPage.php
The problem is I have no idea how to implement the security for such a idea or if its even possible.
I can control who can run the creating script quite easily. But how do I allow this script to write to the server without compromising security?
I honestly have no idea where to start my research. Can anyone point me in the direction of some info to get me started?
Does anyone know if what I am trying to do is even possible?
Thank you very much for your time
Andrew Wieland
I am quite new to security. I've programmed PHP for some time now but have never needed any really robust security for my projects. However, I've undertaken a rather large project and now need some fancy security features.
I want a PHP script that can create PHP files on my web server. The creating script should only be executed by site admins. The script will then build another script which can then be executed by anyone who browses the site. Basically its a script to make PHP webpages.
E.G
admin/newPage.php < this script will create the HTML and PHP needed for the new page and then save it to root of the website
page001.php < this is the new page created which will need to be executed by browsers of the site. The directory in which page001.php is located will need to restricted except for the site admins who can exicute admin/newPage.php
The problem is I have no idea how to implement the security for such a idea or if its even possible.
I can control who can run the creating script quite easily. But how do I allow this script to write to the server without compromising security?
I honestly have no idea where to start my research. Can anyone point me in the direction of some info to get me started?
Does anyone know if what I am trying to do is even possible?
Thank you very much for your time
Andrew Wieland