[PLUG] apache and PHP and creating files on the host
Ted Kubaska
tkubaska at charter.net
Mon Jul 9 07:34:47 UTC 2007
Thanks ... honest, I don't want to touch files ...just using that as a
test, probably the wrong one when I think about it. I don't really want
to provide user parameters, want instead to start up pre-configured
builds from the web. Which means creating files ...
I since found that I can create files if I make the directory in which
the files will reside writeable by www-data which is apache's group. Is
this an acceptable thing to do?
Too much invested to leave hp for erl ... but are you saying that what I
want to do more easily handled by Perl?
-ted
On Mon, 2007-07-09 at 00:19 -0700, Eric Wilhelm wrote:
> # from Ted Kubaska
> # on Sunday 08 July 2007 11:18 pm:
>
> >But if I try a command that actually creates a file like
> ><?php system("touch junkA"); ?>
> >
> >no file junkA appears anywhere.
>
> It depends on what user apache is running under, and what the working
> directory is, as well as the permissions. You probably want to put
> that file in /tmp/ or somewhere specifically intended for such usages.
>
> Definitely stay away from running ssh from apache process. Especially
> with a passwordless key!
>
> Also, understand what happens when you do system("touch $var") and var
> is user-supplied. http://allyourbasearebelongto.us/foo.php?var=;rm+-rf
> and what-not.
>
> Maybe consider trading in the HP for an erl. :-D
>
> --Eric
More information about the PLUG
mailing list