php newbie save_path questions

[bbxrider]

i'm just starting to work with php for first time for a mambo project

i've read the manual on the session save path but have a few questions.

 

- php uses this in backround so to speak, for temp work files that it needs for whatever?

  so any files it created would be deleted at the end of session or when not needed anymore?

 

-if i/my program went to save some file and didn't know enuf or care enuf to specify some path, that file

would get saved there?

 

- if php is invoked by say apache, do the file permissions get checked with user/user group that apache is

running under to check if php can actually create, read, write, and delete in the specified directory, so permissions are inherited from session user that invoked php, , and seen some stuff about setting it somehow with something called .htaccess?

 

-there is some stuff i've seen that the directory for save path shouldn't be accessible to the world some

how, not sure how that works. if the web site has a directory that enables visitors to open files, and if the session path

files were there, somebody could read those and get info that could be used to hack or something?

 

i know theres a lot here, that goes into apache and web stuff, but any info would be appreciated

thanx

bbxrider

 

[SharkBait]

 

PHP scripts are run under the group that Apache is part of. (can be anything from www-html, html-users, www etc)

 

If you're running a script and it's permissions are not set up correctly it will not be able to write to the file.

 

If you don't personally know where the file is being stored, you'd have to look at the documentation or the script to find it's path.

 

Technically if the user knew the naming scheme for the sessions files and that folder containing the files were accessable by the public then yes, they would be able to do whatever they wanted.

 

Hope this helps a bit.