NYCPHP Meetup

[nycphp-talk] Single-Logon User Authentication, PHP and viewingnon-ASCII

Chris Snyder csnyder at chxo.com
Mon Aug 18 16:12:52 EDT 2003


True about the permissions -- the webserver user has to be able to read 
the files (though not necessarily write or execute them in this case).

But if the /content directory is outside of the webserver's document 
root, then someone would need another means of access to the server in 
order to read the files-- they couldn't get at them via http.

As was suggested before, some of these issues go away if you use PHP in 
CGI mode, because then PHP runs as your UID.
They also go away a little bit if you change the ownership on the 
content directory so that it is group nobody-- at least then only you 
and the webserver can get to the files, and not other users (unless 
they're in the webserver's group of course).

But if you're really concerned about other users on the server, you 
probably need your own box.

    chris.

Phil Powell wrote:

>I have that already:
>
>[snip]
>
>However, this only works if the directory has permissions of at least 755
>and each file at 777.  But that's not what the client wants, he wants it to
>be set to permissions that the "outside world" can't view unless they log in
>and are authenticated beforehand.
>
>Phil
>----- Original Message ----- 
>From: "Chris Snyder" <csnyder at chxo.com>
>To: "NYPHP Talk" <talk at lists.nyphp.org>
>Sent: Monday, August 18, 2003 3:33 PM
>Subject: Re: [nycphp-talk] Single-Logon User Authentication, PHP and
>viewingnon-ASCII
>
>
>  
>
>>Check out the directory() functions.
>>
>>
>>Phil Powell wrote:
>>
>>    
>>
>>>I looked up fpassthru online and how to set the headers.  Your solution
>>>sounds fine for hopefully viewing a single file, but how about producing
>>>      
>>>
>a
>  
>
>>>list of files for display?
>>>
>>>Thanx
>>>Phil
>>>
>>>
>>>
>>>
>>>      
>>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>>    
>>
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>  
>




More information about the talk mailing list