Security Question

Does anyone know a good way to protect a directory that a php script NEEDS
to write too?

What I'm doing now:

1. create a directory manually "myDir"
2. chmod 777 myDir
3. password protect the directory with htaccess

Is this the best way, or is there something better?

Also, is there a way to mkdir or fopen a file dynamically, without
pre-creating a directory with 777 permissions?

Thanks for the help,
Andrew

> Does anyone know a good way to protect a directory that a php script NEEDS
> to write too?
>
> What I'm doing now:
>
> 1. create a directory manually "myDir"
> 2. chmod 777 myDir
> 3. password protect the directory with htaccess
>
> Is this the best way, or is there something better?

You could chmod the file/directory to 700 and change the owner to that
of the webserver (presumably the script is being run via the webserver).
This has the drawback that anything run from the webserver will have
write access to the files.

--
Richard Heyes
+44 (0)800 0213 172
http://www.websupportsolutions.co.uk

Knowledge Base and HelpDesk software
that can cut the cost of online support

Andrew Peterson wrote:
> Does anyone know a good way to protect a directory that a php script NEEDS
> to write too?
>
> What I'm doing now:
>
> 1. create a directory manually "myDir"
> 2. chmod 777 myDir
> 3. password protect the directory with htaccess
>
> Is this the best way, or is there something better?
>
> Also, is there a way to mkdir or fopen a file dynamically, without
> pre-creating a directory with 777 permissions?
>
> Thanks for the help,
> Andrew
>
Along with what Richard said, you could also move the directory outside of the webroot and not have
to worry about the .htaccess file. Nothing but PHP could access the directory contents, and only
through your interface could it be access.

--
Jim Lucas

"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare