Writing files in a sub folder of the web folder (apache security)

Posted by Homunculus Reticulli on Pro Webmasters See other posts from Pro Webmasters or by Homunculus Reticulli
Published on 2012-03-30T00:33:25Z Indexed on 2012/03/30 11:42 UTC
Read the original article Hit count: 445

Filed under:
|

I need to save session data for a dynamic web page script by writing to file. I have two questions:

  1. Are there any security preferences as to whether to save the data UNDER the web folder, or OUTSIDE the web folder?

  2. I attempted to write to the folder an (unsuprisingly), I had a 'file permission refused' type error. Should I set the folder ownership to the apache user (600, 640 or 644?)

[[Edit]]

core     <- 'OUTSIDE' web folder (php script live here)
data     <- 'OUTSIDE' web folder (session data and other misc data resides here)
web      <-  web root folder
   js    <-  any folder below is 'INSIDE' the web folder
   css
   html  

For example, in a php script (i.e. a dynamic PHP page), I can attempt to write to a file using something like fput('../data',data) yet (as I understand it) ../data should not be accessible - for security reasons.

Could someone please provide a simple example that shows how to provide access to ../data/ in the example given above?.

What are the actual SPECIFIC steps required?

BTW, I am running on a LAMP stack.

© Pro Webmasters or respective owner

Related posts about apache

Related posts about security