How to safely edit internal files?

Hi, with PHP, the fwrite function to edit an internal file requires the chmod of 666 or 777. However, this opens safety flaws due to other people being able to edit the files as well. Is there a safer way to do this rather than chmod to 777?

Thanks.

 

Who are the 'other people'? people sharing your server, potential intruders or people actually accessing your script?

If you want the script to be able to access the file with fwrite(), it will have to be 0644 or worse.
Yes, this will leave it quite exposed - especially is someone manages to get local access.
However, remotely it could be difficult - just make sure your code is bullet proof and users can only perform the actions they are authorised to.

One more thing, I've noticed a lot more scripts are vulnerable to null byte poisoning as of late. Might want to check that out as well .

 

simply use chmod() in your editing script..

so

<?php
$file = thefile.txt;
$text = $_POST['text'];
chmod($file, 0666);
$filed = fopen($file, 'w');
fwrite($filed, $text);
fclose($filed);
chmod($file, 0644);
?>

PHP:

EDIT: But of course, you still need to make the editing script secure, via passwords etc.. there really is no sure-fire way to protect against internal misuse..

Chuckun

 

all functions are available in PHP open source..

 

Great input there mate.

 

Heh.. Rep for this.. I'm sick of seeing so many pointless posts about the place.. people just wanna run up post counts.. It's seriously so annoying i'm starting to report them (something I've never really done..)

Chuckun

 

Bang on, I just Rep- them now. If you're gonna post, at least contribute to the forum or have something funny to say .