A tip on security....

Anon

Hey guys!
I\'m coding a forum which uses flat txt files to keep the data (it\'s meant to be DB free)...Well, my question is how could I make it more security cause I have to use write and read permissions on the txt files!
Thanx in advance

Felipe Lopes

brandonschnell

on a multiuser system there isn't an easy way to secure text files writable by the web server.

if you're using apache with default user.group of nobody.nobody you could have the server create the text files and assign permissions (chmod) so only the owner can read write. now only processes running as nobody.nobody and read and write to the file. upside is that this will slow most users. downside is that you can't easily see the file except using the web interface and that anyone else on the server with cgi/php access can create a script to access your file.

if the file is owned by you then global read & write permissions would need to be set. this means that anyone else on the system could read and edit the file.

in most cases a database is perferred for easy of use & security.

Anon

The most secure way i can think of is to put the data file below your document root, thus cannot be accessed from the WWW.

Anon

Thanx Jonathan!
One more question then...
How could I do this using my ftp account and having my web site at f2s?
Thanx in advance!

Felipe Lopes

Anon

You would put the sensitive data file below the httpdocs/www folder, and call your file by the directory path for example:

/usr/local/psa/home/vhosts/yoursite.com/data.txt.

You may have to research what your directory path is from F2s forst.

Joanthan