The Why:
I'm in the process of creating a Linux+Apache+PH P website with a
public area and an admin area for configuration and updates.
The What:
One of the features of the admin area is image-upload, where the
images are subsequently viewably by the general public. Currently
I've created a dedicated "pictures" directory which world-writable
into which the PHP script puts the form-uploaded images. The admin
logging in is done via a database lookup, not .htaccess directives or
OS permissions.
The How:
It seems a bit risky (is it?) to have to directory so open, is there a
way I can allow the script to move files into that directory without
making it a+w?
Thanks,
Mark
I'm in the process of creating a Linux+Apache+PH P website with a
public area and an admin area for configuration and updates.
The What:
One of the features of the admin area is image-upload, where the
images are subsequently viewably by the general public. Currently
I've created a dedicated "pictures" directory which world-writable
into which the PHP script puts the form-uploaded images. The admin
logging in is done via a database lookup, not .htaccess directives or
OS permissions.
The How:
It seems a bit risky (is it?) to have to directory so open, is there a
way I can allow the script to move files into that directory without
making it a+w?
Thanks,
Mark
Comment