On Wed, 2003-01-08 at 06:50, [EMAIL PROTECTED] wrote:
> i know this is a bit down the chain, but i'm trying to keep the message
> strings in tact....
> but can't you set up your directory just like you set up your mysql Grants.
> I have a directory that the web user owns, who is in its own group.  so i
> set the permisssions once, and its done.  Also i don't store the folder
> structure, i have a variable named for that folder structure then if the
> folders move or you need to move your webservers, the path will dynamically
> update, regardless of location.

Here's the problem. You have two choices for permissions with uploads:
1. You can make the upload directory world-writable. This is a major
security risk, as any other user on the system can write to it as well.
2.  You can make the upload directory owned by the apache user (or
whatever user your web-server runs as). This is a problem because you
have to be root in order to make the change. Many users don't have this

Uploading the file to a DB solves both of these problems.

It presents its own problems too, though. Downloads of the binary data
are slow. And it's difficult to get a user's browser to cache the
dynamic pages. For example: Mozilla will cache a URL that looks like
this: http://example.com/image.jpg, but it has trouble caching a URL
like this: http://example.com/image.php?id=3. Does anyone know the right
headers to send to get browsers to cache these dynamic image pages as if
they were static images? 


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to