akd5446

Reputation: 109

Security of changing permissions of file on server

I have a PHP file which edits an XML file, both on the same web-server. So I need to chmod 666 the XML file. However, I've seen some warnings about this being a security risk due to the granted write permissions.

I only care about whether remote users can edit my XML file. Am I correct in thinking this is not possible without being local?

Upvotes: 0

Views: 287

Answers (2)

prolink007

Reputation: 34564

You could set them up a group and set a group permission for the file and give that file the group permission and all those users of that group can edit that file. This way, only members of the group can edit and not all public people.

Upvotes: 2
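
The group approach from the answer above as shell, added here as an example and not part of the original thread: it detects the world-writable bit that `chmod 666` sets and replaces it with mode 660. The function names and the optional group argument are assumptions; pass the group your web server's PHP process runs as.

```shell
#!/bin/sh
# Added example: helper names and the sample file are constructed for illustration.

# is_world_writable FILE: succeeds if "other" has the write bit (as with 666).
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# audit_dir DIR: list every regular file under DIR that any local user can write.
audit_dir() {
    find "$1" -type f -perm -0002 -print
}

# restrict_to_group FILE [GROUP]: read/write for owner and group, nothing for others.
# GROUP is optional; changing it requires membership in that group or root.
restrict_to_group() {
    file=$1
    group=${2:-}
    if [ -n "$group" ]; then
        chgrp "$group" "$file" || return 1
    fi
    chmod 660 "$file"
}

# demo: reproduce the 666 situation in a scratch directory, then tighten it.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/data.xml"          # constructed stand-in for the XML file
    chmod 666 "$dir/data.xml"      # the mode from the question

    if is_world_writable "$dir/data.xml"; then
        echo "before: data.xml is writable by every local account"
    fi

    restrict_to_group "$dir/data.xml"   # no group given: keep the current one

    if ! is_world_writable "$dir/data.xml"; then
        echo "after: only owner and group can write data.xml"
    fi
    rm -rf "$dir"
}

demo
```

Running `audit_dir` over the web root is a quick way to find other files left at 666 or 777.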

phant0m

Reputation: 16905

Who creates the XML file in the first place? If you create it directly via PHP, you do not need to set such permissions.

If you are on shared hosting, others might be able to modify the XML, depending on the server's configuration.

The security risk depends on what you do with the data: do you eval it? Do you call functions according to content in the XML? Do you just output something without escaping? Do you store sensitive information in the XML?

I'm not sure what you mean by "remote users". Any other user that is logged on (read: system user) can modify the file. So anyone that is connected via SSH or something could change it. If it's a virtual server, however, it's a different matter.

Upvotes: 1
