NYCPHP Meetup

[csnyder]

On 4/27/06, Brian O'Connor <gatzby3jr at gmail.com> wrote:
> This is the way I currently upload some images to my website now.  I really
> have no idea how safe this is, so if its unsafe, please let me know.
>
> // FTP configuration
>     $ftp_server = 'myftpaddr';
>     $ftp_user_name = 'myuser';
>     $ftp_user_pass = 'mypass';
>
>     // Connect
>     $conn_id = ftp_connect($ftp_server);

[snip]

>
>  // upload the file
>         $upload = ftp_put($conn_id, $destination_file, $source_file,
> FTP_BINARY);
>
> ftp_close($conn_id);


Ah, that ftp solution.

By using a localhost ftp connection, you can save the files as your
login user and avoid both world-writeable directories and undeleteable
(because owned by apache) files.

Those are big pros. There are also some big cons, depending on your situation.

First, we all know that ftp is an insecure protocol, right? This isn't
an issue if the ftp server is localhost, but if you are making
connections over a network you are potentially exposing your password
to anyone with access to the packets.

Second, and more importantly, you are potentially exposing your login
credentials to anyone else on the shared server with read access to
your script. This is the fundamental problem with shared hosting, and
it applies to database credentials as well. That seems like a bigger
risk (since all of your files are accessible) than just having a
world-writeable directory (where only uploaded files are accessible).

The convenience of having the uploaded files owned by you rather than
by the webserver may still outweigh the security issues, but you have
to make that call.

Not all shared servers are alike, of course. If you have any question
about whether other users on the box could read your scripts, ask your
hosting company.


--
Chris Snyder
http://chxo.com/