Basics of the Configuration File
Anytime you create or write an operating system file from a web-based form and script combination, you must consider how secure it is. There is potential for abuse if users can write files all over the place.
First, you should be sure that the path to the configuration file is hardwired into the script. Never let the user define this path directly from the form input. If you do have a need for the user to select from a number of configuration files, select them from an array of allowed paths. The form should only allow the users to indicate which path they are selecting, for example, by an option number obtained from a drop-down menu.
Second, you should be sure the configuration file is not writeable by anyone on the net. It should be writeable only by the owner and any script granted access to the filesystem.
If PHP is not running under your user id, then you will have to have the user manually make the file world writeable until the new file is written out, then have them manually change the permissions so it is not world writeable.
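The path allow-list and the permission rule above, put together as an added PHP example (not code from the original tutorial). The file paths, option numbers, function names and the `config_option` form field are assumptions made for illustration.

```php
<?php
// Added example: the paths, option numbers and field name are hypothetical.
// Allow-list of configuration files, keyed by the option number the form submits.
const ALLOWED_CONFIGS = [
    1 => '/var/www/app/config/site.conf',
    2 => '/var/www/app/config/mail.conf',
];

// Map the submitted option number to a hardwired path; null if not in the allow-list.
function resolve_config_path($submitted): ?string
{
    // Accept only plain decimal digits, so "1abc", "../x" or arrays are rejected.
    if (!is_string($submitted) || !ctype_digit($submitted)) {
        return null;
    }
    return ALLOWED_CONFIGS[(int) $submitted] ?? null;
}

// True when the "other" write bit (0002) is set on the file.
function is_world_writable(string $path): bool
{
    clearstatcache(true, $path);
    $perms = fileperms($path);
    return $perms !== false && ($perms & 0002) !== 0;
}

// Write the new contents and report whether permissions still need tightening.
function save_config($submitted, string $contents): string
{
    $path = resolve_config_path($submitted);
    if ($path === null) {
        return 'Rejected: unknown configuration option.';
    }
    if (file_put_contents($path, $contents, LOCK_EX) === false) {
        return 'Write failed: check ownership and permissions of the file.';
    }
    if (is_world_writable($path)) {
        return 'Saved, but the file is still world writeable; change its permissions now.';
    }
    return 'Saved.';
}

// Usage in the form handler: the form sends only the option number, never a path.
echo save_config($_POST['config_option'] ?? null, "site_name=Example\n");
```

The user-supplied value is only ever used as an array key, so no form input reaches the filesystem path, and the post-write check reminds the user to remove the temporary world-writeable permission.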