Posted: Mon Aug 11, 2003 12:27 am
I have notice badly setups at hosts, that only gives a user access to /www/ and not lower. So imho using encryption-alg's om some sort on /www/thefiles/???? or a blob-field in the db seems to be a good way to go.m3rajk wrote:the only way to stop people from surfing to it is making it an include out side fo the web tree.
andhedge wrote:Can't see how you could set permissions any differently, most installs I've seen php inherits the same user and permissions as the webserver so therefore if php can see it so can the webserver.
Good example is this boards phpBB, that I think does the same. Might scan that code for some ideas? =)McGruff wrote:Certainly, on the site I worked on, a file/folder created by php had a php/php owner/group and, if you have a similar setup you could use permissions to restrict access to files or folders.
In other ways, if youre httpd is running as root, it should be very possible, but then again, I dont think that it's the way to set it up...