A quick question concerning security with respect to uploading files to a server using HTML/PHP.
Right now I have my permissions set to 770 for the directory in which the files are uploaded. So far the server is my iBook, so the diectory belongs to me. Group is set to www so Apache has access.
Is this a safe setting? Is there a better setting?
What bothers me is that Apache is free to write in to that directory and I'm wondering if it isn't a security issue.
Cheers!
Right now I have my permissions set to 770 for the directory in which the files are uploaded. So far the server is my iBook, so the diectory belongs to me. Group is set to www so Apache has access.
Is this a safe setting? Is there a better setting?
What bothers me is that Apache is free to write in to that directory and I'm wondering if it isn't a security issue.
Cheers!