How to safely edit internal files?

Discussion in 'PHP' started by ericjzhang, Jul 26, 2010.

  1. #1
    Hi, with PHP, the fwrite function to edit an internal file requires the chmod of 666 or 777. However, this opens safety flaws due to other people being able to edit the files as well. Is there a safer way to do this rather than chmod to 777?
    Thanks.
     
    ericjzhang, Jul 26, 2010 IP
  2. Deacalion

    Deacalion Peon

    #2
    Who are the 'other people'? People sharing your server, potential intruders, or people actually accessing your script?

    If you want the script to be able to access the file with fwrite(), it will have to be 0644 or worse.
    Yes, this will leave it quite exposed - especially if someone manages to get local access.
    However, remotely it could be difficult - just make sure your code is bullet proof and users can only perform the actions they are authorised to.

    One more thing, I've noticed a lot more scripts are vulnerable to null byte poisoning as of late. Might want to check that out as well :).
     
    Deacalion, Jul 26, 2010 IP
  3. Chuckun

    Chuckun Well-Known Member

    #3
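    Simply use chmod() in your editing script..

    So:
    <?php
    $file = 'thefile.txt';      // file name must be a quoted string
    $text = $_POST['text'];
    chmod($file, 0666);         // make the file writable just for this write
    $filed = fopen($file, 'w');
    fwrite($filed, $text);
    fclose($filed);
    chmod($file, 0644);         // restore the stricter mode afterwards
    ?>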
    EDIT: But of course, you still need to make the editing script secure, via passwords etc.. there really is no sure-fire way to protect against internal misuse..

    Chuckun
     
    Last edited: Jul 26, 2010
    Chuckun, Jul 26, 2010 IP
    Deacalion likes this.
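
An added example, not code from the thread: one way to let a script edit a file without ever making it group- or world-writable, covering the permission question in #1, the null byte remark in #2 and the write step in #3. It assumes the `data/` directory is owned by the user PHP runs as; `DATA_DIR`, `EDITABLE`, `MAX_BYTES`, `save_text()` and the `file` form field are hypothetical names.

```php
<?php
// Added example, not code from the thread. DATA_DIR and the EDITABLE
// entries are hypothetical; the directory must be owned by the PHP user.
const DATA_DIR = __DIR__ . '/data';
const EDITABLE = ['notes.txt', 'motd.txt'];   // only these may be changed
const MAX_BYTES = 65536;

function save_text(string $name, string $text): void
{
    // Exact allow-list match: "../x", absolute paths and names carrying a
    // NUL byte ("notes.txt\0.php") all fail without any path parsing.
    if (!in_array($name, EDITABLE, true)) {
        throw new InvalidArgumentException('file is not editable');
    }
    if (strlen($text) > MAX_BYTES) {
        throw new LengthException('text too long');
    }
    if (!is_dir(DATA_DIR) || !is_writable(DATA_DIR)) {
        throw new RuntimeException('data directory is not writable');
    }

    // tempnam() creates the file with mode 0600 in the same directory, so
    // rename() below is an atomic replace on the same filesystem.
    $tmp = tempnam(DATA_DIR, '.edit-');
    if ($tmp === false) {
        throw new RuntimeException('cannot create temp file');
    }
    try {
        if (file_put_contents($tmp, $text) !== strlen($text)
            || !chmod($tmp, 0644)                 // owner-writable only
            || !rename($tmp, DATA_DIR . '/' . $name)) {
            throw new RuntimeException('write failed');
        }
    } finally {
        if (is_file($tmp)) {
            unlink($tmp);                         // clean up after a failure
        }
    }
}

// Authentication and CSRF checks belong before this point.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = $_POST['file'] ?? '';
    $text = $_POST['text'] ?? '';
    if (is_string($name) && is_string($text)) {
        save_text($name, $text);
    }
}
```

This separates you from other accounts on the server only when PHP runs as your own user (for example suEXEC or a per-user PHP-FPM pool). Under a single shared web-server user, other sites' scripts run as the same file owner and can still write the file.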
  4. infocusweb

    infocusweb Guest

    #4
    All functions are available in PHP open source..
     
    infocusweb, Jul 27, 2010 IP
  5. Deacalion

    Deacalion Peon

    #5
    Great input there mate.
     
    Deacalion, Jul 27, 2010 IP
    Chuckun likes this.
  6. Chuckun

    Chuckun Well-Known Member

    #6
    Heh.. Rep for this.. I'm sick of seeing so many pointless posts about the place.. people just wanna run up post counts.. It's seriously so annoying I'm starting to report them (something I've never really done..)

    Chuckun
     
    Chuckun, Jul 27, 2010 IP
  7. Deacalion

    Deacalion Peon

    #7
    Bang on, I just Rep- them now. If you're gonna post, at least contribute to the forum or have something funny to say :).
     
    Deacalion, Jul 27, 2010 IP