RE: FN-FORUM: Security on files/folders

date posted 18th August 2004 12:01

Hi Stephen

>So my question is, do I really need to secure this (I think I do) ? If
>so, any other bright ideas on how to do so?

With safe mode on you don't have a lot of options for changing the user,
group or permissions on the fly. PHP allows you to use chmod(), chgrp() and
other such Linux commands from your code, but safe mode checks whether the
directories/files have the same uid as the script before allowing you to
execute it.

http://aspn.activestate.com/ASPN/docs/PHP/features.safe-mode.html

Something that you *could* do, if your ISP allows it, is to locate the
directories in question outside of the www tree, so that apache user access
sits in a kind of sandbox that doesn't allow access to the scripts within
the site itself...but it would depend on the structures allowed by the ISP
you are using.

Caz



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.739 / Virus Database: 493 - Release Date: 16/08/2004