mibacode
Reputation: 404
Keeping Files Secure On A Server - Is Changing Permissions Enough?
When I store files that access my database, is changing the permissions on the file to 0600 enough to keep anything but other files on my server from accessing that file? I have read that one way is to store the file out of the web root directory, but will changing the permissions give you the same secure results?
Upvotes: 2
Views: 94
Answers (1)
Kristian
Reputation: 21830
there are a number of things you can do:
- set permissions on the directory containing the files
- set permissions on the files
- set up your server directives to mod rewrite your urls so that way only things in a "public" folder are accessible by direct linking, otherwise they must be loaded by proxy via server side code.
I prefer method 3.
Upvotes: 1
Related Questions
- What are the best practices setting file permissions for a PHP website on Apache2/Linux (LAMP)?
- File and folder access management and security (PHP/Apache)
- File System and security (PHP)
- How to protect a directory and/or certain files in an extremely secure manner?
- Are folder permissions on a web server adequate security?
- PHP file security on webserver
- Security of changing permissions of file on server
- file permissions in php
- File permissions
- Folder security?