Writing files in a sub folder of the web folder (apache security)
- by Homunculus Reticulli
I need to save session data for a dynamic web page script by writing to file. I have two questions:
Are there any security preferences as to whether to save the data UNDER the web folder, or OUTSIDE the web folder?
I attempted to write to the folder and (unsurprisingly) I had a 'file permission refused' type error. Should I set the folder ownership to the apache user (600, 640 or 644?)
[[Edit]]
core <- 'OUTSIDE' web folder (php scripts live here)
data <- 'OUTSIDE' web folder (session data and other misc data resides here)
web <- web root folder
    js <- any folder below is 'INSIDE' the web folder
    css
    html
For example, in a php script (i.e. a dynamic PHP page), I can attempt to write to a file using something like fput('../data',data) yet (as I understand it) ../data should not be accessible - for security reasons.
Could someone please provide a simple example that shows how to provide access to ../data/ in the example given above?
What are the actual SPECIFIC steps required?
BTW, I am running on a LAMP stack.
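An added example, not part of the original post: a shell sketch that builds the core/data/web layout from the question, restricts data/ to its owner and group, and checks that it is not served from the web root. The function names are hypothetical, and `www-data` as the Apache user is an assumption (Debian/Ubuntu; RHEL-family systems use `apache`).

```shell
#!/bin/sh
# Added example: layout and names follow the question (core/, data/, web/).

# setup_data_dir BASE [OWNER]
# Creates BASE/data beside BASE/web and restricts it to owner and group.
setup_data_dir() {
    base=$1
    owner=${2:-}
    mkdir -p "$base/core" "$base/web" "$base/data" || return 1
    # A directory needs the execute (search) bit to be entered, so
    # 600/640/644 cannot work on the folder itself; 750 = rwxr-x---.
    chmod 750 "$base/data" || return 1
    # Changing ownership requires root; skipped when not root.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$owner:$owner" "$base/data" || return 1
    fi
}

# is_outside_webroot DIR WEBROOT
# Succeeds (0) only when DIR is neither WEBROOT nor anything below it.
# Both paths are resolved first, so "../" and symlinks cannot hide nesting.
is_outside_webroot() {
    dir=$(cd "$1" && pwd -P) || return 2
    root=$(cd "$2" && pwd -P) || return 2
    case "$dir/" in
        "$root"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# write_private_file PATH CONTENT
# Writes CONTENT so that only the owning user can read or modify the file.
write_private_file() {
    ( umask 077 && printf '%s\n' "$2" > "$1" ) || return 1
    chmod 600 "$1"
}

# Typical use as root on a real host (paths are assumptions):
#   setup_data_dir /var/www/myapp www-data
#   is_outside_webroot /var/www/myapp/data /var/www/myapp/web && echo "data is not web-served"
```

Files written by the PHP process inside data/ can then stay at 600, since only the Apache user needs to read them back.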