kruptof

I am currently working on a project which requires the upload of files to a specific directory. It seems the only way to upload the file is to chmod the directory to 777. My question is what is the danger associated with doing that, surely having a directory that the whole world can write to is bad right? And if this approach is bad then what other ways exists to upload the files.

__________________

titaniumdecoy

A common approach is to use a directory with permissions set to 777 below your web root directory (eg, if your web root is /public_html/, you might use /uploads/).

kruptof

How can apache serve the files then, I thought it was only allowed to serve anything within or below the document root?

__________________

Sane

You shouldn't have needed to do that. Make sure the username you are using is the privileged owner of the directory, when you're FTPing the files over.

I'm assuming you mean 'above'. And yes, but it's also circumstantial upon how your service has configured Apache.

kruptof

I am not using an FTP client Sane. I am uploading them using a HTML Form

__________________

Sane

Oh, and you've written a PHP uploader to handle the upload and save it to the current directory? Maybe you should focus on the root of the problem here: the uploader.

Is the owner of the .php script the same as the owner of the directory? I'm not exactly sure how it works, but I assume if the .php script is not the owner of the directory, then it can't write to the directory (unless it's 777).