[nycphp-talk] server-writable php files (was: using PHP to create a php file)
Allen Shaw
ashaw at polymerdb.org
Fri Jun 9 16:51:19 EDT 2006

1. Create the file
2. store md5 checksum of it in database
3. compare stored checksum and actual file checksum anytime before
running the file later.
No?
csnyder wrote:
> My jaw hit the desk on this one, guys. Do not allow the webserver to
> create php scripts, under any circumstances ever. It's just asking for
> trouble.
>
> Abstract the data (job listings) into a text file or sqlite database
> and give the webserver password protected write access to that. Or use
> a .csv file and edit the records by hand using Excel or EditGrid.com.
>
> If you need to create world-writeable directories for uploaded files
> (and you _do_ need them sometimes), you should also take steps (via
> Apache config or .htaccess) that php scripts residing in those
> directories cannot be executed.
--
Allen Shaw
Polymer (http://polymerdb.org)
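
The three steps proposed in the message above, sketched in PHP as an added example (not code from the thread or from either poster). The function names, the script_digest table and the in-memory SQLite database are assumptions made for illustration, and SHA-256 via hash_file() is used in place of the md5 the message names.

```php
<?php
// Added example: helper and table names are hypothetical; SQLite stands in for "the database".
declare(strict_types=1);

function store_digest(PDO $db, string $path): void
{
    // Step 2: record the digest of the file exactly as it was written to disk.
    $stmt = $db->prepare('REPLACE INTO script_digest (path, digest) VALUES (?, ?)');
    $stmt->execute([$path, hash_file('sha256', $path)]);
}

function verify_digest(PDO $db, string $path): bool
{
    // Step 3: recompute and compare; unknown or unreadable files fail closed.
    $stmt = $db->prepare('SELECT digest FROM script_digest WHERE path = ?');
    $stmt->execute([$path]);
    $expected = $stmt->fetchColumn();
    $actual = is_file($path) ? hash_file('sha256', $path) : false;
    return is_string($expected) && is_string($actual)
        && hash_equals($expected, $actual);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE script_digest (path TEXT PRIMARY KEY, digest TEXT NOT NULL)');

// Step 1: create the file (constructed sample content).
$path = tempnam(sys_get_temp_dir(), 'gen');
file_put_contents($path, "<?php return ['title' => 'Sample job listing'];\n");
store_digest($db, $path);

// Run the file only when its current digest matches the stored one.
if (verify_digest($db, $path)) {
    $listing = include $path;
    echo "verified: {$listing['title']}\n";
}

// Constructed change made after the digest was stored: the check now fails.
file_put_contents($path, "<?php return ['title' => 'Edited later'];\n");
if (!verify_digest($db, $path)) {
    echo "digest mismatch, file not included\n";
}

unlink($path);
```

The comparison only detects changes made by something that cannot also update the stored digest, and the file can still change between the check and the include.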