Guys I need to deal with security issue here. The requirement of the web is to allow user to create a file on server, location in web directory. Now its pretty simple to do it if I allow them to read/write permissions.
But looking at it from security point of view, Is it safe? I dont think so because its obviously open to attck then, cant they run some doudgy scripts if they want to as hacker (I dont know how to :)) but just thinking.
What would be the way to deal with it if it is not secure enough, fopen isnt in good books according to our security standards, but as I giving it restricted path then mayb I can get away with it but fwrite??
Problem is that its key requirement and they cant run fopen or fwrite unless I give them write permissions.
Can some one please guied me on this issue.