Hello everyone:
I've created a little application that lets a user upload a JPG file from their browser.
The application works fine and all, but it will only save the file if the destination directory permission is 777. I'm thinking that this is a potential security problem: other users on the server could discover the directory and make modifications with a script in their account, right?
Can someone give me some insight as to whether this is the correct way to set up file uploading? If not, any suggestions?
Thanks,
Peter.
Uploading Files - Setting Directory Permissions
OK, but I'm saying, let's say the upload directory is /home/myusername/httpdocs/images/upload, and that directory is 666 or 777, and another user executes the command rm /home/myusername/httpdocs/images/upload/somefile.jpg from within THEIR area on the server, wouldn't that result in the deletion of files from that directory?
And therefore, wouldn't another user be able to potentially delete everything from my upload directory?
I suspect that PHP runs under a different UID than your FTP login.
Use mkdir() to create the directory - not your FTP program. If the folder is owned by whatever UID PHP runs under, you can CHMOD it 755 or whatever.
The dirinfo command in your FTP program will let you view file/folder owners and groups.
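The approach in the reply above, as an added example that is not part of the thread: the script creates the upload directory from PHP itself, then checks that the directory is owned by the UID PHP runs under and is not group- or world-writable. The directory path and the function name ensure_upload_dir are hypothetical, and the owner check assumes the posix extension is loaded.

```php
<?php
// Added example (not from the thread). The path used below is a placeholder.

/**
 * Create the upload directory from PHP so it is owned by PHP's UID,
 * then confirm owner and mode. Returns a list of problems (empty = OK).
 */
function ensure_upload_dir(string $dir): array
{
    $problems = [];

    if (!is_dir($dir)) {
        // The mode passed to mkdir() is filtered by the umask,
        // so set the final mode explicitly afterwards.
        if (!mkdir($dir, 0755, true)) {
            return ["could not create $dir (parent not writable by PHP?)"];
        }
        chmod($dir, 0755);
    }

    clearstatcache(true, $dir);
    $owner = fileowner($dir);
    $mode  = fileperms($dir) & 0777;

    // posix_geteuid() needs the posix extension (assumption for this example).
    $phpUid = function_exists('posix_geteuid') ? posix_geteuid() : null;

    if ($phpUid !== null && $owner !== $phpUid) {
        $problems[] = "owner UID $owner differs from PHP's UID $phpUid; "
                    . "the directory was probably created over FTP";
    }
    if ($mode & 0022) {
        $problems[] = sprintf("mode %04o is group- or world-writable", $mode);
    }
    if (!is_writable($dir)) {
        $problems[] = "PHP cannot write to $dir";
    }
    return $problems;
}

$dir = __DIR__ . '/images/upload';   // hypothetical location
$problems = ensure_upload_dir($dir);
echo $problems ? implode("\n", $problems) . "\n" : "OK: $dir passes the checks\n";
```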