Security

Question

I have written php pages which allow an editor to upload files to the host and to view the files in a selected folder and to copy, move, or delete individual files. This obviously gives a great deal of power to the user. Right now I'M using them for convenience. I did this so that when I am no longer maintaining a non-profit site that the board can designate someone else to maintain the site until they come up with an alternative.

In the meantime this is a big risk. I have to have the php files in the public_html directory because all the file functions need to start from the root. Is there any suggestion as to how I can make sure that no one other than someone given the authority can accesss these functions? I can certainly require a secure login, but is it possible to mark files as hidden?

Your advice is always appreciated.

Nancy OShea · Accepted Answer

Not sure what you're asking.Security begins at the server/hosting level.  Assuming the server is well managed with regular security patches and nobody but the admin has access to your backend CMS & scripts, what are your concerns?

B i r n o u · Answer

have you looked at htaccess... you can protect either by password, by IP, by filetype, folder case, and so on... you can also serve files differently depending on profil and so on... and it is at a lower level than PHP

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded