Setting file permissions and groups

A

Anonymous

Guest
unfortunately its quite difficult. The PHP scripts get executed as the webserver user (Apache) or as the owner if its running under suexec. I suspect if you have to have 777 permissions for it to work its running under Apache's user. In that case there isn't really a great deal you can do. It's quite common for 777 folders to be exploited. Just make sure your code is well written with security in mind.
 
Disclaimer: This may sound the wrong way, but I don't intend to insult you



But NEVER EVER EVER put a file 777.
EVER.

In order for files to be uploaded, the DIRECTORY needs to be read/writeable by the webserver user only.
You can control the types of files that are uploaded by your php, using the meta tags of your images. Check php.net/_FILES for more info.

This prevents losers who pick their butts from putting files up and trying to hack your server.
 
You must log in or register to reply here.
Back
Top