[nycphp-talk] server-writable php files (was: using PHP to create a php file)
ashaw at polymerdb.org
Fri Jun 9 16:51:19 EDT 2006
1. Create the file
2. Store md5 checksum of the file in database
3. Compare stored checksum and actual file checksum anytime before
running the file later.
> My jaw hit the desk on this one, guys. Do not allow the webserver to
> create php scripts, under any circumstances ever. It's just asking for
> Abstract the data (job listings) into a text file or sqlite database
> and give the webserver password protected write access to that. Or use
> a .csv file and edit the records by hand using Excel or EditGrid.com.
> If you need to create world-writeable directories for uploaded files
> (and you _do_ need them sometimes), you should also take steps (via
> Apache config or .htaccess) that php scripts residing in those
> directories cannot be executed.
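The three checksum steps from the message above as a runnable sketch. This is an added example, not code from the original post or the list; the table name, file path and file contents are constructed for illustration, and md5 is used because the post names it.

```php
<?php
// Added example: the table name, path and file contents are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE generated_files (path TEXT PRIMARY KEY, md5 TEXT NOT NULL)');

// Steps 1 and 2: create the file, then record its checksum in the database.
function create_tracked_file(PDO $db, string $path, string $code): void
{
    if (file_put_contents($path, $code, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $path");
    }
    $stmt = $db->prepare('REPLACE INTO generated_files (path, md5) VALUES (?, ?)');
    $stmt->execute([$path, md5_file($path)]);
}

// Step 3: compare stored and actual checksum before running the file.
function run_if_unchanged(PDO $db, string $path)
{
    $stmt = $db->prepare('SELECT md5 FROM generated_files WHERE path = ?');
    $stmt->execute([$path]);
    $stored = $stmt->fetchColumn();                      // false when no row exists
    $actual = is_file($path) ? md5_file($path) : false;  // false when file is missing
    if ($stored === false || $actual === false || !hash_equals($stored, $actual)) {
        error_log("checksum mismatch, refusing to run $path");
        return false;
    }
    return include $path;
}

$path = sys_get_temp_dir() . '/jobs_listing_' . getmypid() . '.php';
create_tracked_file($db, $path, "<?php return ['title' => 'Example job'];\n");
var_dump(run_if_unchanged($db, $path));

// Simulate a change made after the checksum was stored; the file is refused.
file_put_contents($path, "<?php return ['title' => 'tampered'];\n");
var_dump(run_if_unchanged($db, $path));
unlink($path);
```

The stored checksum only helps if the web server account that can write the file cannot also update the table that holds the checksum.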