Writable directory but still secure?

ThomasJSmart

Programmer
Sep 16, 2002
634
Hi,

On my webserver I want to chmod a directory so my PHP scripts can write files to it. How can I make this secure, though? Does making it writable for my PHP scripts make it writable in other ways?

I have already stopped the uploader in the site from allowing files that could contain PHP code (.php .html .phtml etc.).

Thank you,
Thomas

I learned a bit yesterday, today i learned a lot, imagine what i'll learn tomorrow!
 
File upload from PHP is generally safe; do not give public access to that directory and, especially, make sure that the directory where files should be saved is not in the apache webroot.

You may then chmod 740 the folder you are going to write to.

QatQat

Life is what happens when you are making other plans.
 
Well, that's kind of the problem... the folder has to have public read access... :/ I was worried that part would be difficult...

I learned a bit yesterday, today i learned a lot, imagine what i'll learn tomorrow!
 
Typically, PHP handles file uploads by writing the files to a temporary location on the filesystem. On Linux by default this location is /tmp.

PHP then provides builtin commands for moving the files to a publicly-available location, one such command being move_uploaded_file(). The directory to where PHP moves the files must be writeable by the user as which Apache runs, but does not have to be world-writeable.





Want the best answers? Ask the best questions! TANSTAAFL!
 
Ah... OK, so it's upload to user-writable tmp folder, then system moves to system-writable folder. :D
I can definitely do something with that info, cheers!

I learned a bit yesterday, today i learned a lot, imagine what i'll learn tomorrow!
 
Partially correct.

It's not "then system moves to system writable folder" it's "PHP script, when programmed to do so, moves the file to another folder". The process is not automatic.



Want the best answers? Ask the best questions! TANSTAAFL!
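The upload flow discussed in this thread, as an added example that is not part of any poster's reply: the script explicitly moves the file out of the temporary location with move_uploaded_file() into a directory that the Apache user can write to but that is not world-writable. The directory path, the form field name `userfile` and the extension allowlist are assumptions; the allowlist is used here in place of the blocklist of extensions mentioned in the question.

```php
<?php
// Added example: every name and path below is an assumption, not from the thread.
const UPLOAD_DIR  = '/var/www/example/uploads';   // hypothetical; owned by the Apache user
const ALLOWED_EXT = ['jpg', 'png', 'gif', 'pdf']; // hypothetical allowlist

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Only accept a path that PHP itself created for an upload in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Destination must be writable by the web server user...
    if (!is_dir(UPLOAD_DIR) || !is_writable(UPLOAD_DIR)) {
        throw new RuntimeException('Upload directory is not writable by the web server user');
    }
    // ...but must not carry the world-writable bit.
    if (fileperms(UPLOAD_DIR) & 0002) {
        throw new RuntimeException('Upload directory is world-writable');
    }
    // Keep only the extension of the client-supplied name, and only if allowlisted.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('File type not allowed');
    }
    // Server-generated name: the client never controls the path on disk.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // The move is explicit; the file stays in the temporary directory otherwise.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    chmod($dest, 0644); // world-readable for serving, writable only by the owner
    return $dest;
}

if (isset($_FILES['userfile'])) { // 'userfile' is a hypothetical form field name
    try {
        $path = store_upload($_FILES['userfile']);
        echo 'Stored as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

A directory mode of 755 owned by the Apache user satisfies both checks: the owner can write, everyone else can only read and traverse.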
 