File Upload without 777 ?!!

ab4net

hi,
i do upload files successfuly to a folder online with the permission 777
but i think this is making too much security hole ....
any suggestions of how to load a file without this threat ?!
upload should be done VIA php because each file uploaded must have addetional information with it, and been renamed regarding to the Current ID row in the DB
please help,

jim_keller

The only way for this to work is if your host has a PHP wrapper installed that runs PHP scripts as the user who owns the script, not as the user the webserver is running as. Most hosts don't do this, though I'm not sure why.

If you're interested in a bit of a more in depth discussion on the topic, I recently posted a blog entry that covers it:

http://jimkeller.blogspot.com/2008/01/php-security-in-shared-hosting.html

-Jim Keller
http://www.contextsolutions.net

ab4net

thanks,
but what if it is shared host, and dont have the wrapper ?!
any solution ??!