
Is It Safe To Make .xml Feeds World Writeable?


cronjob78


With PHP I build an XML feed on server A and “copy” it to another server B. I do the “copy” by calling a PHP script on B from A by using:

$string = file_get_contents('http://www.websiteB.com/feed_copier.php');

On server B feed_copier.php uses fwrite(‘feed.xml’, $string) to make the copy.

It works well; however, I have to make the feed.xml on server B world writeable (666) because I’m calling the script on B from A across the big bad www.

(1) How worried should I be about having an XML file with world writeable permissions?

(2) Is there any other way around it? I have limited access to server B and the reason.


Yes, Server A creates the file, Server B requests it and then writes it to its own location with whatever permissions you desire.

I'm assuming both servers are running versions of PHP capable of doing this.

Edited by berridgeab

The script doesn't care where you call it from, only where it is in relation to the resources it tries to write to.

In other words, if "feed.xml" is on the same server as the script (B), then you do not need to make it "world writeable". You only need to make sure that the user that the web server is running under has access to write to the file.


Correct, berridgeab.

Thanks for your reply, Christian. That script will only write to the .XML file if I make the .XML file world writeable. This may be because the user that I have been assigned on server B does not have write permission.

I cannot get these permissions on server B, so my original question is as to whether the .XML file is safe to leave world writeable. I don't know what the security risks are. Does 'world writeable' mean any of you could go in and change it from outside the server?


What I'd do in that case is to make a folder to hold this file (and other writeable files), using PHP itself. That'll ensure that the web user has ownership of the folder, and it doesn't need to be world-writeable.

You will need to make the parent folder world-writeable, but that's only in the short period of time that you're running the script that generates the new folder. After which you can set the main folder's permissions back to what they were.

Only a slight improvement compared to having it world-writeable, granted, but it is the best you can do without involving a database or changing hosts.

As far as security risks go: If it's world writeable, anyone who figures out a way to write something to the disk on that server, no matter by which method, can easily overwrite your file. By limiting access to the web server's user, at least they'll be limited to the web server only (or any other service running under the same user).

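An added example, not code from any poster in this thread: a sketch of feed_copier.php on server B that combines the pull approach and the PHP-created folder suggested in the replies above, so feed.xml ends up owned by the web server's user with mode 644 instead of 666. The feed URL on server A, the `writable` folder name and the permission modes are assumptions, and it needs `allow_url_fopen` enabled.

```php
<?php
// Added example; FEED_URL and the folder name are assumptions, not from the thread.
const FEED_URL  = 'http://www.websiteA.example/feed.xml'; // hypothetical feed location on server A
const DATA_DIR  = __DIR__ . '/writable';                   // hypothetical folder, created by PHP itself
const FEED_FILE = DATA_DIR . '/feed.xml';

// The folder is created by the web server's user, so that user owns it and
// no "world" write bit is needed afterwards. The parent folder must allow
// this one mkdir() (the temporary step described in the thread).
if (!is_dir(DATA_DIR) && !mkdir(DATA_DIR, 0755)) {
    http_response_code(500);
    exit('Could not create ' . DATA_DIR);
}
chmod(DATA_DIR, 0755); // mkdir()'s mode is reduced by the umask, so set it explicitly

// Server B pulls the feed from A; nothing is pushed to B from outside.
$xml = file_get_contents(FEED_URL);
if ($xml === false) {
    http_response_code(502);
    exit('Fetch failed');
}

// Keep the old feed unless the new one is well-formed XML (no network access while parsing).
libxml_use_internal_errors(true);
if (simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET) === false) {
    http_response_code(502);
    exit('Fetched data is not well-formed XML');
}

// Write to a temporary file in the same folder, then rename over the old feed,
// so readers never see a half-written file.
$tmp = tempnam(DATA_DIR, 'feed');
if ($tmp === false || file_put_contents($tmp, $xml) === false) {
    http_response_code(500);
    exit('Write failed');
}
chmod($tmp, 0644); // owner read/write, everyone else read-only
if (!rename($tmp, FEED_FILE)) {
    unlink($tmp);
    http_response_code(500);
    exit('Rename failed');
}

// Report the resulting mode so a world-writeable bit is noticed immediately.
clearstatcache();
$mode = fileperms(FEED_FILE) & 0777;
printf("feed.xml mode %04o, world-writeable: %s\n", $mode, ($mode & 0002) ? 'yes' : 'no');
```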
