Web Hosting Talk







View Full Version : Security Risk in php


amberlong83
12-02-2009, 07:08 AM
Hello

Can anyone please help me with my PHP security problem?

Actually, I want to create an application that stores stuff in the same folder where the PHP script runs from.

I know that this could be quite a security risk. Can anyone please help me minimize this risk?


Thanks in advance!

SwordfishHostingLtd
12-02-2009, 07:56 AM
There are absolutely loads of ways you can increase security in situations like this and having things stored in a public folder isn't always an issue. Things you might well want to look into are items like:
1. htaccess files to ensure someone is logged on before downloading a file (or restrict by ip address)
2. securely protect the upload script so only authorised users can upload it
3. set the correct permissions on the directory depending on your needs
4. ensure only file types you are expecting are uploaded (i.e. not exe's, dll's etc. if you're not wanting them)

There are plenty of others, but it really depends on what you are trying to achieve with the system as to how you would go about locking it down.

mattle
12-02-2009, 11:36 AM
My first question is: why? You've identified that this introduces a lot of security risks. Sure, you can account for them and implement controls, but there are also much easier and inherently safer ways to skin this cat...

If you absolutely MUST do this, swordfish's suggestions are all valid, however I would suggest creating a subdirectory in the script location that is the only writable area to your web-user.
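
Added example, not part of any post in this thread: a minimal PHP upload handler that combines the file-type allowlist and the single writable subdirectory suggested above. The names UPLOAD_DIR, ALLOWED_TYPES, store_upload and the "upload" form field are assumptions, and the caller is assumed to have already checked that the user is logged in and authorised to upload.

```php
<?php
// Added example; all names here are illustrative assumptions.
const UPLOAD_DIR = __DIR__ . '/uploads';   // the only directory the web user may write to
const ALLOWED_TYPES = [                    // allowed extension => expected MIME type
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Check the client-supplied extension against the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('File type not allowed');
    }
    // Check the content as well; the extension alone is client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750)) {
        throw new RuntimeException('Cannot create upload directory');
    }
    // Server-generated name: no user-controlled path parts, no overwrites.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Cannot store file');
    }
    chmod($dest, 0640);                    // readable and writable, never executable
    return $name;
}

if (isset($_FILES['upload'])) {
    try {
        echo 'Stored as ' . store_upload($_FILES['upload']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```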

amberlong83
12-04-2009, 07:37 AM
Thanks for the suggestion.