[nycphp-talk] server-writable php files (was: using PHP to create a php file)

Allen Shaw ashaw at
Fri Jun 9 16:51:19 EDT 2006

1. Create the file
2. store md5 checksum of in database
3. compare stored checksum and actual file checksum anytime before 
running the file later.


csnyder wrote:
> My jaw hit the desk on this one, guys. Do not allow the webserver to
> create php scripts, under any circumstances ever. It's just asking for
> trouble.
> Abstract the data (job listings) into a text file or sqlite database
> and give the webserver password protected write access to that. Or use
> a .csv file and edit the records by hand using Excel or
> If you need to create world-writeable directories for uploaded files
> (and you _do_ need them sometimes), you should also take steps (via
> Apache config or .htaccess) that php scripts residing in those
> directories cannot be executed.
> _______________________________________________
> New York PHP Community Talk Mailing List
> New York PHP Conference and Expo 2006
> Show Your Participation in New York PHP

Allen Shaw
Polymer (

More information about the talk mailing list