Hi,

I have a site running Linux/Apache/PHP that users can uploads photos to
a directory within the webroot. The only way that I have been able to
get the upload to work is if I chmod the upload directory to 777. The
site is running at a shared hosting provider so I don't have access as
to who apache and/or PHP is running under, but I assume nobody. How
can I get the upload to work while not exposing the directory as a huge
security hole?

Thanks in advance.

quite simply you can't as ur on a shared hosting platform.

there are scripts that will only allow certain filetypes uploaded ie: .gif .jpg .doc .pdf .txt


"7elephants" <andrew@andrewsteiger.com> wrote in message news:1159494594.253919.190750@k70g2000cwa.googlegr oups.com...
> Hi,
>
> I have a site running Linux/Apache/PHP that users can uploads photos to
> a directory within the webroot. The only way that I have been able to
> get the upload to work is if I chmod the upload directory to 777. The
> site is running at a shared hosting provider so I don't have access as
> to who apache and/or PHP is running under, but I assume nobody. How
> can I get the upload to work while not exposing the directory as a huge
> security hole?
>
> Thanks in advance.
>

Newsgroup Poster wrote:
> quite simply you can't as ur on a shared hosting platform.

That depends. If you can run cgi's and the server runs suexec, you
could run your php scripts as cgi. Then you wouldn't need to chmod the
directory 777; 700 would do. Also, you should put the upload directory
outside the web tree, which, again, your web provider may not offer
you.

PHP5 should have some object oriented libraries that may offer a
workaround to this problem. With php4 on a shared hosting, it's nealy
impossible.

You are better off asking a php newsgroup.

Ottavio