What File Permissions To Keep Files Safe From Outside Users
My PHP source files should have what file permissions to keep them safe from outside users? I have chmod 711 but I want some files to be able to be downloaded, e.g. txt, doc files.
Related Forum Messages:
Users/permissions/files - LAMP
So I'm considering a small project that involves online file storage. Let's say I wanted to set up a site that allows people to log-on, create an account, and then have space to upload files. The problem I'm having concerns permissions, basically. Code:
File Permissions Of PHP Session Files
I noticed that the file permissions (unix) of the PHP session files have only read and write permissions for the Apache process (600 or rw- --- ---). Does anyone have any idea where this permission is set? I can't find any umask or chmod settings for it in the php.ini file. Can't find anything in the httpd.conf either. Is it set in the PHP code that implements session_start()?
Safe From Users Inserting Unwanted Data
I created a comment form which will insert the comments into a database and displays them immediately. I want to make sure that it's safe from users inserting unwanted data into the database or executing queries. Here's my PHP code, is this done right? Is there anything else I should do to make it more secure? $handle = mysql_connect($host,$user,$password) or die ('Sorry, looks like an error occurred.'); $sql = "INSERT INTO comments (id, comment, name, quotekey) VALUES (NULL, '$comment', '$name', '$key')"; mysql_real_escape_string($sql); mysql_select_db($database); mysql_query($sql); mysql_close($handle);
Allow Users To Upload Images Without 777 Permissions?
I have a form that allows users to upload only .jpg files. Somehow a hacker was able to upload a PHP file which in turn he/she used to send out spam mail. It later occurred to me that the hacker didn't even use the form because at the time there was no way for him/her to log in and access that page. Of course, the directories where I put the images have 777 permission. Can a hacker remotely upload files to a 777 folder? Is there a way to allow users to upload images without 777 permissions?
.php Files - Permissions Are Set Public Readable - So Can Public Get To See Actual Raw File?
As a newbie to PHP, is it in any way possible for a casual web surfer to actually get to see the PHP behind my .php file? E.g. if index.php contained PHP code to check if the page had been called with a variable such as "password", is there any way a public member can get to see the raw PHP file and therefore see what the password is? index.php might be: if ($_REQUEST[password]="secret") { >Then show one page else >show another page } So if a user visits with index.php?password=secret they get to see the secret page. But as the index.php has to have file permission set so that anyone can read it, I'm worried that the public can just somehow view the file and learn the password.
Safe Download Of Files
How to make download of a file from a PHP script? Generally, I can download files using 'download accelerator' as I know url of the file e.g., ~/archive.tar.tz But sometimes (rare times), I can't do that e.g., OSoft Web site. Actually, we're making audios and videos available only to a valid user. If those files reside in filesystem, then, what are the tricks to prevent them from people, and only available to desired people through a PHP script?
Files, Permissions
I need to be able to set the owner properties of a file that is being uploaded so that it can be counted towards the file quota. Basically my setup is as follows: A user logs in, uploads a file, and this file is saved in a directory out of the public folder. The problem is that the group and the owner IDs are being set to 'nobody'. This means that the files are not being counted towards a user's file quota since it is set up (and I cannot change this part) to count quotas based on file owners. I tried using chgrp and chown but it says I don't have permission to. I can't figure out how to do this.
Safe Mode & Files Manipulation
I'm trying to make my scripts work in safe mode for a few days and I'm starting to be really confused about the restrictions of the filesystem functions using this mode. I wonder if anyone could explain it to me. The thing I know is that if you upload a PHP script through FTP, the user of this script is usually the site user (on my RAQ4 it's "siteX", with X being the ID of the site). On the other hand, if a PHP script creates a file or directory (using copy, open, mkdir and other functions), the user of this file/directory is the Apache user (usually httpd). (I believe this is solved in Apache 2.0 but it will be a loooong way until enough people upgrade to this version...) From my tests, I found out that deleting a file (using the unlink() function) which has been created by a PHP script (so the UID is not the same) works! Reading or overwriting a file with a different UID is also not a problem. On the other hand if the directory where this file is located does *not* have the same UID, it fails. This is not what is written in the documentation for unlink(): "Checks whether the file(s)/directories you are about to operate on have the same UID as the script that is being executed. Checks whether the directory in which you are about to operate has the same UID as the script that is being executed." Includes seem to work the same way, although I have not tested it extensively. I.e.: you can't include a file if the directory where this file is located doesn't have the same UID, but it works fine even if the included file has a different UID. So it seems that file functions are not a problem in safe mode as long as the directories are not created by a PHP script. Is this true or is there another explanation? The PHP docs are very unclear about safe mode restrictions, they even admit it ("This is a still probably incomplete and possibly incorrect listing of the functions limited by safe mode.") so hopefully someone can enlighten me on this subject.
Upload Files To A Safe Folder
I can upload files to my root directory files are. But it requires FTP users to access it, and I only got 5 accounts. I want visitors on my website to be able to download content without verifications or anything of that matter. How do I do that? I know that people can get hacked I believe by uploading a file to the root directory and doing something with chmod, whatever that is. How do I upload files to a safe folder (how do I create a safe folder), where visitors can download from? Without any security leaks.
Writing Files And Permissions.
If Apache is running as the user "www" and "www" is part of my group "wheel", shouldn't I be able to create files with PHP in a directory that has the permissions of 0775? It seems I always need to make the directory 0777 to write to it, which doesn't seem right.
Change Permissions On Files
I understand that chmod(); is to change the permission on folder, but is it also used for changing file permissions? I need to take the images my users upload and change their permissions so they can delete them.
Safe Mode- Creating Files In New Directories
I'm trying to install a basic CMS I've written onto a server which has PHP safe mode enabled. Something fairly basic I want to do, is create a folder, and then create a file in that new folder. For some reason, when I try to do that, the folder created is given an owner ID different to that of the script, and so the folder is inaccessible. The script, and the parent folder I'm working in, both have permissions 0777 Code:
Permissions / Retrieving Uploaded Files
I have set up a website where visitors can upload files. We then ftp into the server to retrieve those files, however we cannot access them as they are chmod'ed to 600 by default. How do we gain access to these files, or chmod them when they are first uploaded by the user so we can download them with ftp? Added note - the server is telling me that the owner of the uploaded files are 'apache', which I guess is the default set up. Also tried the chmod command, but had no luck 'permission denied'..
Changing Write Permissions Of Files And Folder
I want to make the files and folder in my server write protected. I want to change the file read write permissions dynamically so that I can change the write permission of the folder and upload files to it and again make the folder write protected.
Safe File Uploading
How safe is it including FTP login information inside a PHP file? What advantages does using FTPS provide? Does anyone know of any good articles/tutorials on FTPS?
File Permissions
I'm in the process of creating a web based frontend for a program called ASK (Active Spam Killer - http://a-s-k.sourceforge.net) and am currently running into a problem. Currently there is a Perl based web front end, but it lacks functionality, and is rather bland, although it does work, and it works without changing any file permissions. The problem I'm running into is that PHP requires me to make changes to file permissions (ASK files are located OUTSIDE of the web tree) which might end up causing problems as far as security and privacy of email. Has anyone come to any reasonable answer for this type of problem, as I'm sure it's an issue for other programs people write?
File Permissions....
I've read the stuff concerning writing to a text file and the related file permission issues on this forum. I have a script that does just that, it takes user-entered data from a Web Form and dumps it to a text file on a server. This works fine on my private server, but is giving me the error "Could not open stream. Permission denied on Line..." on the company server. The Company machine uses Windows XP. I've tried talking to the System Administrator regarding the Permissions, but he says that giving READ/WRITE/EXECUTE Permissions could create Security Issues. I have been told that previously, a script written in ASP had been used that did exactly the same thing, i.e. writing to the text file, but there were no File Permissions needed to be set!
File Uploads With Php In Safe Mode
I wrote some code that handles file uploads with php in safe mode, but it raises some questions and I'm not sure if I like it or not. So I would appreciate some advice or answers to this: A host runs PHP in safe mode which prevents using copy() for file uploads. Instead I could use system() or exec() to move/copy the file to the desired destination. But since I prefer letting PHP handle this stuff, I decided to try using move_uploaded_file() to see what would happen. And that worked... Which made me wonder why I could move a file, but I couldn't copy it. Shouldn't it be the other way around? Some extracted code: $upfile is the filename from the upload form $newfilename is the desired new filename concatenated with the desired path // This will not work if PHP is in safe mode if (copy($upfile, "desiredpath/" .$newfilename)) { // OK! } // But this will work if PHP is in safe mode if (move_uploaded_file($upfile, "desiredpath/" .$newfilename)) { // OK! } I didn't explore how to use system() or exec() to move/copy the file, but could someone shed some light on how/why to use that instead? And what's the file rights difference between copy and move in this case?
Safe Mode & File Upload
Is there any solution to create a directory with one script with mkdir(), and then write a file (or move an uploaded file) in this directory with another script? The problem is that the directory belongs to the PHP interpreter (UID 33 in my case) and the script doing the file creation and the one creating the directory belong to the FTP user (UID 754 in my case). I just can't create different directories and write some pictures in. My provider doesn't want to turn off Safe Mode.
File Safe Download To Server
I have a simple form where with multipart/encryption loads a file to a server. Any user can make so. I need to know, is it safe? Or do I need to make some restriction to this download, or maybe remove it at all, to prevent hacking my site?
Problem With File Permissions : PHP / FTP
My php-script makes directories and puts files in it. But via FTP'ing, I can't delete those files anymore. Also, I need to put a whole bunch of existing files into these, 'made-by-php' directories, and that seems impossible by means of FTP. I get an 'access denied' error every time.
File Permissions After Copy()
This function basically creates a new dir in a determined location and copies the files from an established dir to the new dir. It copies the files and creates the folder OK, but it sets the file permissions to 755 for the new folder and file contents. I then get a 550 error if I try to delete or chmod them. Any suggestions? I get permission errors in the script if I use the chgrp and chmod functions also. PHP Code:
File Permissions In Win98
I just wanted to know if there was any way I could change my file permissions so I can use the fopen function in windows 98 using Apache and PHP 4.04???? I know how to do it for Linux but I need it for Win 98.
Change File Permissions
I'm trying to create a file management tool online using PHP. Every time I copy or create files or folders though it assigns ownership of the new files or folders to the Apache id. I tried using backticks, exec, shell_exec and the PHP shell commands. PHP safe mode is off. I can create the files and folders using shell commands and have tried to change ownership using chown but that doesn't seem to do anything. Any insight can help. The goal is to be able to create these files with the same admin user ownership as all the other files on the site.
CHMOD File Permissions
I have a few questions about file permissions. Which is the best way to set a permission to a mp3 that I can play on the website, but if anyone tries to get it from the directory they won't be able to? Like if I am playing thissong.mp3 and someone went to the directory to try and get the file music/songs/thissong.mp3 they would get some kind of error. Also for folders that don't have an index file: which permission would be the best instead of creating a number of indexes for each, but not give a user permission to see the context if they go to mydirectory/functions/.
File/folder Permissions
I have an upload function that uploads images into a folder. The folder is set to 777. However when I upload an image file to the folder, the file uploaded is set to 600. Therefore it won't appear on web. I'm not sure why it is doing this. I'm using the PHP function move_uploaded_file to upload the file.
File Write Permissions
I'm trying to get an open source PHP app working for my company. It's giving me the following custom error: FreeMED was unable to create a file to record the healthy status of the system. The FreeMED directory should be owned by the user that the webserver is running as... Usually this is 'apache'. You can also fix this by giving universal write access to the home directory of FreeMED. But that is not advisable from a security standpoint. I've narrowed it down to the line of PHP that's breaking it here: $test = CreateObject('FreeMED.FreeMEDSelfTest'); As far as I can tell, I've made the directory it's using as open as possible and it's still giving me that error. The owner is apache (user and group) and the permissions are (temporarily) set at 0777 (universal read/write). Is there some PHP or Apache configuration that needs changed to allow PHP this kind of permission?
File Permissions Windows
I am using the LOAD DATA INFILE to load from a txt file. Although it works fine with the MySQL command it does NOT work with Script... does anybody know why?
File Permissions On Upload
I am uploading picture. This is part of the code if(!move_uploaded_file($_FILES['fullSizePic'.$propId.$i]['tmp_name'], '../images/properties/'.$imageName) ){ chmod('../images/properties/' . $imageName , 0777); } The file uploads and moves into the properties folder. That folder's chmod is 777, but the file's chmod is only 600 making it unreadable by the server. I try to chmod it with php (as you can see above) and it doesn't work.
Not Enough Permissions To Delete A File
I want to delete a file using unlink() function. I'm getting a warning that says that I have no permissions to do that. I suppose that is because the file I'm trying to delete is under the root directory path. I searched the forum about deleting files but found nothing alike my problem...
Safe And Secure File Uploader Function
I am developing a method which will take a posted file, perform a series of checks and then write the file to the server (Linux) if it passes all of the checks. Currently I perform the following checks: check to make sure the filesize is not too big; check the file's extension. Not quite sure what else to put. I have a very fast server so it is okay if it performs a lot of checks. Better safe than sorry. I was going to check the mime type but my server does not have that extension installed. I was also thinking of using the is_file() function to make sure a proper file is uploaded and the is_executable() function to make sure that no executable files are uploaded (currently I am only uploading images). I'd like to make my upload function very robust so I am sure that there are other checks which need to be performed. Also I have heard that Apache can also report errors on file uploads. Though I am not sure how to do this.
Preventing Users From Accessing Files On Webserver
I am developing a site where users will have access to download files via http links. Ideally, I want to prevent them from accessing these files by typing in the folder directly e.g. http://www.mysite.com/FolderWithFiles/SomeFile.zip Can this be done by adding some server restrictions and are there other alternatives, e.g. putting the folder 'above' the webserver directory?
Allowing Users To Download Files Using Headers
I am trying to create an area where a user can come to a page that queries a database and displays links to files. Here is the code for the link: <td><a href="download.php?path=../ftp/$path&name=$name" target="_blank">$name</a></font></b></td> Quote:
Display A Link For Users To Download Files?
I've created an area where users login and can upload files to a folder above the Doc Root. How can I display a link so that if needed, users can download those files? Currently I have PHP Code: echo "<td><a href='{$uploads['file']}' target='_blank'> {$uploads['title']}<br /> </a>"; The table is 'uploads' and the field is 'file'. The display works correctly; however, the link of course goes to www.sitename.com/var/www/uploads/filename.ext as the 'file' field simply holds the file path and name.
Allows Users To Easily Upload Files To My Server.
I'm attempting to write code that allows users to easily upload files to my server. My dilemma of course is that I don't want to offer a security breach. I'm thinking of creating a form that calls a .php file that handles the upload. Does anyone have any thoughts on this? The website that I am building will rely very heavily on the ability of new unknown users loading files to the server. Once loaded however they will be quickly screened and deleted once re-sized.
Enable Site Users To Download Files
Using the script below, I want to enable site users to download files. I am able to upload the files to the specified directory, and the permissions on this directory are 777. However, files that are downloaded cannot be opened, and an error window appears stating that the file cannot be accessed or has read-only permission. I have looked at some different scripts, and I think that all that I am missing is some type of reference to header information. Code:
Allowing Users To Download Files From My Site
The problem that I have at the moment is that I want to allow users to download the files that they have uploaded. I have looked around at different sources, but none that I have found so far seem to give me the information, or a good tutorial. I know it is to do with setting the content data, but still struggling with it. The files are uploaded and placed in a directory. It's these files that I would like users to download.
Upload File Permissions Problem
I've moved an existing site (which I didn't write) from a apache/php/mysql host under windows to a linux apache/php/mysql host. I've sorted out most problems except one. There is an upload function on the site, which uploads files via POST to temp folder and then moves it into a folder on the host using php function move_uploaded_file. Under windows this works fine but on the linux host the uploaded file is created with 600 permissions so it cannot be accessed later by site visitors. The folder it is uploaded into has 755 permissions. Is there a way of setting the default file permissions so each uploaded file can be set to say 644 or do I need to chmod each file after upload?
Creating A File, Uploading, And Permissions
I'm using php4 and I want to check for a file; if it doesn't exist it should be created. My problem is I have to create it with specific permissions, specifically 666, so that the script can then write to it. I don't have FTP access. I'm also looking for any tutorials, recent ones, using php4 for creating file upload areas; I'm trying to make one of those as well.
File And Directory Permissions For PHP Application
I make the directory 0777 and then write the file then I make the file I tried a few but they keep from being read. I'm sure the file is OK. I think I can handle file permissions but I think it's directory permissions I'm having a problem with. It's an image file; I write it and then need to use it, so make the directory 0777 and then write the file and then what to the file and what to the directory? I am using PHP ftp() but if anyone knows any differences with PHP chmod() then please tell me. Apart from that I do a 777 right now and leave it at that. What should I be doing to the directory and file after to make it secure, because I don't want people tampering with them? OH AND THIS PROBLEM IS ON THE MAC OSX 10.4 TIGER. My chmoding works fine on Linux the way it is, 0777 and then a 655 + sometimes I play with the permissions of the directory through the OS GUI or the shell, and I got it to tell me I don't have permissions in the OS but in PHP it's OK. Is this coz PHP got ownership of it when I messed with the additional BIT?