PHP folder creation in IIS7.5

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
oliverm
Forum Newbie
Posts: 1
Joined: Tue Jul 26, 2011 10:07 am

PHP folder creation in IIS7.5

Post by oliverm »

Hi,

We are getting this error when creating folders using PHP on our IIS 7.5 server;

mkdir(): Permission denied in C:\inetpub\wwwroot\cms\make_dir.php

We can make it work by assigning the IUSR user write permissions on that folder. However that would also give any user visiting the site write permissions on that folder, something I'd rather not risk.

Can anyone think of either;

a) some way I can give PHP/IIS the ability to create folders in that directory without risking giving any visitor full access to that directory or...
b) some other way to achieve the same end result?

I thought about getting the web chaps to instead have the folders written to a directory outside of the web site structure. This folder structure could then be read by PHP, parsed, and displayed within a web page. It would mean people couldn't access it via http://blah.com/this_folder but they could go to http://blah.com/folderlist.php and then click on the entry they wanted.

What are your thoughts?

Olly
Post Reply