473,383 Members | 1,822 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > permissions problem

Join Bytes to post your question to a community of 473,383 software developers and data experts.

permissions problem

i am writing a simple script that needs to read data from a file, say
foo.txt. When the script is called the server is run as 'nobody'. So I
chmod foo.txt to 606 so that nobody can read and write to it. The
problem with 606 is that now anyone can simply type in the url to
foot.txt, i.e http://mysite.com/foo.txt and read its contents. How can
I prevent this? I suppose I could raname it to foo.php instead?

Sep 26 '06 #1
6 1003
ve*****@yahoo.com wrote:
i am writing a simple script that needs to read data from a file, say
foo.txt. When the script is called the server is run as 'nobody'. So I
chmod foo.txt to 606 so that nobody can read and write to it. The
problem with 606 is that now anyone can simply type in the url to
foot.txt, i.e http://mysite.com/foo.txt and read its contents. How can
I prevent this? I suppose I could raname it to foo.php instead?
Don't have the file within your web site root directory. Or use Apache
configuration/.htaccess to block access to the file though the web. Or
change the script that reads it to run as another user.

All kinds of possibilities.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Sep 26 '06 #2

Jerry Stuckle wrote:
Don't have the file within your web site root directory. Or use Apache
configuration/.htaccess to block access to the file though the web. Or
change the script that reads it to run as another user.

All kinds of possibilities.
those probably would work but are a little more maintenance than i had
in mind. anything simpler we may be overlooking?

Sep 26 '06 #3
ve*****@yahoo.com wrote:
Jerry Stuckle wrote:

>>Don't have the file within your web site root directory. Or use Apache
configuration/.htaccess to block access to the file though the web. Or
change the script that reads it to run as another user.

All kinds of possibilities.


those probably would work but are a little more maintenance than i had
in mind. anything simpler we may be overlooking?
Not if it's in the docroot and you let everyone have read access to it.

Placing it outside the document root should have zero maintenance. If
it's always the same filename, setting up .htaccess has zero
maintenance. Making the script run as another user has zero maintenance.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Sep 26 '06 #4

Jerry Stuckle wrote:
>
Placing it outside the document root should have zero maintenance. If
it's always the same filename, setting up .htaccess has zero
maintenance. Making the script run as another user has zero maintenance.
These are all one extra thing you need to do to get the script to run.
I need to be able to setup the script on a different server often, so
this would add to the checklist. Hence I am looking for the easiest
solution that would not require me to make additional changes.

Sep 26 '06 #5
ve*****@yahoo.com wrote:
Jerry Stuckle wrote:
>>Placing it outside the document root should have zero maintenance. If
it's always the same filename, setting up .htaccess has zero
maintenance. Making the script run as another user has zero maintenance.


These are all one extra thing you need to do to get the script to run.
I need to be able to setup the script on a different server often, so
this would add to the checklist. Hence I am looking for the easiest
solution that would not require me to make additional changes.
So you're changing the conditions now. This isn't the same problem you
originally started with.

Well, you're going to have to do something anyway. Renaming it to .php
won't do a thing unless it's php code. And it has to go someplace.
Outside the server root directory is as good of a place as any.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Sep 26 '06 #6
In article <11**********************@h48g2000cwc.googlegroups .com>,
ve*****@yahoo.com wrote:
Jerry Stuckle wrote:

Placing it outside the document root should have zero maintenance. If
it's always the same filename, setting up .htaccess has zero
maintenance. Making the script run as another user has zero maintenance.

These are all one extra thing you need to do to get the script to run.
I need to be able to setup the script on a different server often, so
this would add to the checklist. Hence I am looking for the easiest
solution that would not require me to make additional changes.
Eh, he is giving you the solutions that apply to your problem. How
that affects your workflow wasn't known and isn't his problem. If the
file is in the docroot, people will be able to read it. Keep sensitive
data out of the docroot. run sensitive scripts as another user, use
..htaccess of you must have it in the docroot.
--
Sandman[.net]
Sep 26 '06 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

15
what the heck does "permissions 33279" mean?
by: lkrubner | last post by:
I want to give users the power to edit files from an easy interface, so I create a form and a PHP script called "fileUpdate". It does a reasonable about of error checking and prints out some...
PHP
0
Re setting file permissions...
by: Fran Tirimo | last post by:
I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company...
ASP / Active Server Pages
2
ASP security model / file permissions to allow updating of a database
by: Fran Tirimo | last post by:
I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company...
ASP / Active Server Pages
2
Giving users specific DDL permissions
by: K Finegan | last post by:
I have an archival process on a large database that runs once a month. At the beginning of the process the triggers and indexes on the tables whose data is moved are dropped, the data is moved and...
Microsoft SQL Server
1
Error loading XML file c:\...\machine.config Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission
by: Chris | last post by:
I have seen the posts on various places on the internet about .NET framework mismatch issues and I don't think that is my problem. ; ) When I execute the following C++.NET code: String...
.NET Framework
9
Error 1307: Adding File Permissions to NTFS using System.Management Object in ASP.NET
by: Ben Dewey | last post by:
Project: ---------------------------- I am creating a HTTPS File Transfer App using ASP.NET and C#. I am utilizing ActiveDirectory and windows security to manage the permissions. Why reinvent...
C# / C Sharp
3
NTFS permissions resetting on Access MDB every time it's opened.
by: palepimp | last post by:
Hello all, I have searched far and wide for a solution to my issue. In short, here is the problem: 1. 3 PC's enter data into an Access 2003 database (PC's are running Vista w/ Office 2007...
Microsoft Access / VBA
3
Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicK
by: Mike | last post by:
Hi I have problem as folow: Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type...
ASP.NET
6
Permissions, should I use an Int, long or binary datatype?
by: DotNetNewbie | last post by:
Hello, in my web application, I have to create permissions for each user. So what I am doing is that for each role (using sqlmembership in .net) I am creating a column in the database to hold a...
C# / C Sharp
13
File upload permissions
by: eclipsme | last post by:
I thought I had this licked, but apparently not. I have a file upload script that attempts to upload a file to a directory in the public_html directory - www.domain.com/upload The permissions...
PHP
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!