NYCPHP Meetup

NYPHP.org

[nycphp-talk] server-writable php files (was: using PHP to create a php file)

Allen Shaw ashaw at polymerdb.org
Fri Jun 9 16:51:19 EDT 2006


1. Create the file
2. Store md5 checksum of the file in database
3. Compare stored checksum and actual file checksum anytime before running the file later.

No?

csnyder wrote:
> My jaw hit the desk on this one, guys. Do not allow the webserver to
> create php scripts, under any circumstances ever. It's just asking for
> trouble.
> 
> Abstract the data (job listings) into a text file or sqlite database
> and give the webserver password protected write access to that. Or use
> a .csv file and edit the records by hand using Excel or EditGrid.com.
> 
> If you need to create world-writeable directories for uploaded files
> (and you _do_ need them sometimes), you should also take steps (via
> Apache config or .htaccess) that php scripts residing in those
> directories cannot be executed.


-- 
Allen Shaw
Polymer (http://polymerdb.org)
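
The three-step check proposed in the message above, written out as an added example (not code from the thread or from either poster). It assumes an SQLite database reached through PDO, uses SHA-256 where the message names md5, and the table name, function names and temp-file path are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration: names, schema and sample data are constructed.
function open_store(string $dsn): PDO {
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS script_sums
               (path TEXT PRIMARY KEY, sum TEXT NOT NULL)');
    return $db;
}

// Steps 1 and 2: create the file, then record its checksum.
function create_and_record(PDO $db, string $path, string $code): void {
    if (file_put_contents($path, $code, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $path");
    }
    $stmt = $db->prepare('REPLACE INTO script_sums (path, sum) VALUES (?, ?)');
    $stmt->execute([$path, hash_file('sha256', $path)]);
}

// Step 3: compare the stored checksum with the file as it is now.
function is_unmodified(PDO $db, string $path): bool {
    $stmt = $db->prepare('SELECT sum FROM script_sums WHERE path = ?');
    $stmt->execute([$path]);
    $stored = $stmt->fetchColumn();
    $actual = is_file($path) ? hash_file('sha256', $path) : false;
    // A missing record or a missing file both count as a failed check.
    return is_string($stored) && is_string($actual)
        && hash_equals($stored, $actual);
}

// Constructed demo: record a generated file, then change it afterwards.
$db   = open_store('sqlite::memory:');
$path = tempnam(sys_get_temp_dir(), 'job');
create_and_record($db, $path, "<?php return ['title' => 'Constructed listing'];\n");
var_dump(is_unmodified($db, $path));   // file is as recorded

file_put_contents($path, "<?php return ['title' => 'Changed after recording'];\n");
var_dump(is_unmodified($db, $path));   // file no longer matches the record

// Only a file that still matches its record is ever included.
if (is_unmodified($db, $path)) {
    $jobs = include $path;
}
unlink($path);
```

The comparison only means something if the process that can write the script cannot also write the checksum table, and there is still a window between the comparison and the `include` in which the file can change.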


