[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] PHP upload/dir permissions
- Subject: [cobalt-security] PHP upload/dir permissions
- From: "Andy Clyde, oxfordmusic.net" <cobalt-security@xxxxxxxxxxxxxxx>
- Date: Tue, 17 Jun 2003 15:08:26 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
i've just had to help a client out with uploading via a PHP script.
i have 'open_basedir' and 'upload_tmp_dir' set on a per site basis in
/etc/httpd.conf but this still wasn't working - the script was defaulting to
/tmp and not /home/sites/siteXX/tmp as it should have been. i eventually
solved this by changing the permissions on /home/sites/siteXX/tmp to 777.
it also seems that i need to chmod 777 all the directories in the path where
the tmp.uploaded.file is to be saved.
this seems a bit dangerous. is there a workround? or is it safe?
cheers
andy