The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Suggestion on securing a PHP file.

Discussion in 'General Discussion' started by wills, Aug 30, 2003.

  1. wills

    wills Well-Known Member

    Jan 29, 2003
    Likes Received:
    Trophy Points:
    1. An automated process on my home network contacts a script on the host (acc/accsale.php) and tells it to write a file to the directory "si".

    2. One of my customers accesses another script (delivery.php) which reads the file written in step 1 and compares the encrypted password the customer entered with the one contained in the file and if correct it allows the customer to update the file with their information and then mails it back to a pop3 account on my home network for further processing.

    Now my concern is the directory "si" is world readable/writable since I need to be able to manually remove files in it, as well as have the scripts read/write files in it. This is somewhat of a security problem for me since some other customers on the server could very well read/write those files as well.

    Is there any way I could have the web server serve my pages (or a specific set of pages) as my unix user "my account" instead of "nobody"? I would be able to restrict access to the "si" directory if that were possible.

    I don't want to do this on all accounts, just one account. Any thoughts? Support Ticket Number:
  2. euselect

    euselect Well-Known Member

    Aug 3, 2003
    Likes Received:
    Trophy Points:
    Using suexec php would write a file as a user and not need world writable permisions, but it does cause a few other issues with common scripts.

    You might consider using a mysql db to store your data instead of a world writable file or dir ?


    Neil Support Ticket Number:

Share This Page