Forum Moderators: coopster

Dynamic folder security

How to secure a folder created dynamically

junter

5:22 am on Nov 29, 2007 (gmt 0)

10+ Year Member



Hello,

I need some folders to be created dynamically in a main-folder. Actually I'm doing it with a PHP script, but I'm worried about security, because the main-folder must be writable by the PHP script.

I know chmod 777 is like opening the door to anybody, so I'm using 'chown nobody' and it works, but I'm not sure if it's really more secure or if there's a better way to do it.

Every folder is created for a new user that signs up, so every folder name is well known and public.

Thanks.

ashishp

11:25 am on Nov 29, 2007 (gmt 0)

10+ Year Member



Hi junter,

Welcome to WebmasterWorld!

If this is a new application you are starting then there is another approach you might want to take:

Instead of creating physical directories, store the directory/username in a DB and use one script to display the user page according to the username that is passed.

Map the URLs to the script using mod_rewrite, e.g.:

http://www.example.com/users/junter -> http://www.example.com/show_user_page.php?username=junter

The script will then look up the user details from the database and display them.

You can also expand this to have subpages in the user "directory", e.g.:

http://www.example.com/users/junter/contact/ -> http://www.example.com/contact_user.php?username=junter

This can give you a lot of flexibility.

HTH

junter

5:06 pm on Nov 29, 2007 (gmt 0)

10+ Year Member



Thanks for your answer ashishp,

The problem is that this is not a new application. There are a lot of users already.

If I say the word 'wiki' maybe you know what I mean, there's no DB option here, only text files and folders ...

henry0

5:34 pm on Nov 29, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Couldn't you change back the permission level after each opendir and rechange to re-open only if username/id etc. = to $whatever

junter

5:49 pm on Nov 29, 2007 (gmt 0)

10+ Year Member




I guess it's the same problem, the PHP script needs permissions to create folders and change permission levels.

henry0

6:04 pm on Nov 29, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Not really
1) folder open, close and permission is reset
2) who's dealing with that folder: only the folder "owner" since UN and PW might be required

junter

4:10 am on Nov 30, 2007 (gmt 0)

10+ Year Member



Maybe it works, I'm trying it.

Anyway my big question is if it's not safe to change the group ownership and permissions of the folders to the web server user?
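
For the setup discussed in this thread (a PHP script creating one folder per signed-up user inside a main folder owned by the web server user), the following is an added example, not code from any poster. It shows one way to keep folder creation confined to the main folder and to avoid world-writable modes; the function name `create_user_dir`, the username policy and the temporary demo directory are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed naming policy (hypothetical): lowercase letters, digits, "_" and "-", 1-32 chars.
const USERNAME_PATTERN = '/\A[a-z0-9][a-z0-9_-]{0,31}\z/';

function create_user_dir(string $mainFolder, string $username): string
{
    // Reject anything that could escape the main folder ("..", "/", NUL bytes, empty names).
    if (preg_match(USERNAME_PATTERN, $username) !== 1) {
        throw new InvalidArgumentException('invalid username');
    }
    $base = realpath($mainFolder);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('main folder missing');
    }
    $target = $base . DIRECTORY_SEPARATOR . $username;
    // Refuse existing entries, including symlinks placed under the main folder.
    if (is_link($target) || file_exists($target)) {
        throw new RuntimeException('folder already exists');
    }
    // 0750: owner (the account PHP runs as) rwx, group r-x, others nothing; never 0777.
    if (!mkdir($target, 0750) || !chmod($target, 0750)) {
        throw new RuntimeException('could not create folder');
    }
    return $target;
}

// Constructed demo: a temporary directory stands in for the main folder.
$main = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'main-folder-' . bin2hex(random_bytes(4));
mkdir($main, 0750);
echo create_user_dir($main, 'junter'), PHP_EOL;
foreach (['../etc', 'a/b', ''] as $bad) {
    try {
        create_user_dir($main, $bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($bad, true), PHP_EOL;
    }
}
```

The main folder still has to be writable by the account PHP runs as; the example narrows what can be created inside it rather than removing that requirement.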