mkdir + safest method

bandit8

Hi,

I am currently working on a Flash application where the user is able to upload an image, and then using PHP I have it get saved into a newly created folder on the server.

I'm currently using

mkdir('testFolder', 0777);

for the folder creation aspect...

I know that using 0777 allows all permission settings for everyone, and so I don't know how 'safe' this is. Is it safe to use this? Or could it lead to a security issue? All the folder will contain is images. Is there a better way I should doing this? Sorry, I'm new to dynamically creating folders via PHP.

I look forward to your thoughts/suggestions,
b.

bastien

method is fine, if security or file protection is an issue then you want to create the file off the web root so that the contents can only be accessed via a script

bandit8

Hi Bastien,

Thanks for your reply, I appreciate it.

Can you just clarify for me what you mean by "create the file off the web root so that the contents can only be accessed via a script"?

The file path would look something like: http://www.domain.com/uploads/testFolder

..I'm just a little confused how to set it so that it could only be accesed via a script.

Thanks for your help!
-b.

NogDog

Unfortunately, if you are running on a shared host, any file/directory which is read/writable by the web server is potentially accessible by any other user on that host who can write PHP or any other type of script that would be run via the web server user account. And if you give it 777 permission, then any account on the server will have potential access.

If security is an important enough issue for your site, then you need to consider getting a dedicated host.

bandit8

Is there a value other than 0777 that I could use to get around this? (and avoid having to go to a dedicated host?)

thanks!
-b.

NogDog

If you want your PHP web pages to be able to read and write to that directory, then you cannot avoid using a permission setting that allows any other script which is run by the web server account to also read/write that directory. There are some configuration things that can be done to help prevent other users' PHP scripts from reading files in your directory - namely implementation of the open_basedir setting - which can certainly help but are not by any means 100% (since they only affect PHP scripts).

There are some initiatives to overcome this and other common PHP security problems, such as the "suhosin" project at www.hardened-php.net. You might want to contact your shared host's support staff to find out what PHP security steps (if any) they have implemented.

bandit8

NogDog,

Thanks again for your help... I'll check out that site.

I'm still debating how much of a security risk it truly would be...as no users will be able to see the path to the directory that is being written to, and it is only referenced to in the SWF... But with all of the crazy automated crawlers out there I wanted to make sure I wasn't setting myself up for disaster.

-b.

bandit8

If I have it so that the only place I'm referencing the path to the uploads folder is within the swf and php file, and I never provide the user with the path, is there a realistic chance that people (who have nothing better to do) could find a way in and do some damage?

I appreciate all input, as I want to consider all implications ahead of time before I go live with the site, so that I don't run into future troubles and have to go back and rework stuff.

Thanks!
b.

NogDog

On a reasonably well set up shared host, the only people who should be able to read your PHP source files are: (1) you, (2) anyone able to log in to the server as root (and hopefully the server is configured to allow root logins only from selected physical terminals), (3) someone who somehow gets your user and/or FTP login and password, (4) someone who has access to another account on the host and has some sort of script that either uses brute force or educated guesses to sniff its way around the server's file system, or (5) something I haven't thought of yet.

If your site does not contain highly critical data (personal data that would be desirable for identity theft, legally sensitive data, etc.), and you are reasonably confident that the people running the server are competent, then I would not lose too much sleep over it (as long as you have some sort of regular back-up plan in place). If you do have highly sensitive data, then personally I would not risk it on a shared host.