[snip] For few years now I've been creating custom CMSs and I've been having an "images" folder with permissions 777 so the PHP script can upload images through the CMS. ... Anyways I was wondering if there is a way to upload through PHP without having "write" permission to "all". Is there a way maybe, for the script, to change permission to "write" before the upload and then take it off? or anything else I can do to protect the dir? [/snip]
First of all the directory needs only to be world-writable, so a 446 permission should work on the directory, resulting in dr--r--rw-. Since the Apache likely operates "nobody nogroup" you would also want to set the ownership properly. Anyone with root access to the server could still do harm, but hopefully you don't have a lot of those folks running around. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
