File permissions

Anon

I have a PHP script which collects visitor names and write/appends them to a straight text file (not a database). Nothing complex and it works fine.

However - being paranoid, how is this file protected from being opened by someone else\'s script? The PHP \'fopen\' command appears to allow any script to open my file as \"http://www.xxxxxx.com/file.txt\", which would allow it to be read (and maybe written?) from other servers and scripts.

I assume the file permissions as defined by \'chmod\' are at the heart of the answer, e.g. if write access is restricted to \'owner\'.

Do the scripts on my website carry \'owner\' privileges?

Anon

You're safest moving the text file outside of yoru webspace altogether. For example, if your website's home dir is

/usr/www/yourname/httpd/htdocs

you should create a directory called something like

/usr/www/yourname/securetexts/

you can then store your files in there, happy in the knowledge that they can't be surfed to.

Then just change your script to look in that directory for the file, and check to make sure that the script is called from the page(s) you expect before accessing the file, and you should be quite secure.

Cheers,

Jack

(Free PHP Hosting till the end of the year - www.combustion.ie)

Anon

Thanks for that. My webspace is in a directory "htdocs", and I can indeed create a new directory from its parent, so I'll go for that idea.

Anon

can php access data outside the home directory?