Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Posted September 5, 2014 8:00am by

Security issue in using PHP unlink() function

Suppose i provided a sub directory on my webserver to one of my new team mate so that he can access it via FTP. Although he just got access to that particular directory but he can delete every file on my server using the same script. unlink('/var/www/site.com/*'); Is there any way to overcome this security threat????

1 Answer

September 5, 2014 1:15pm

There is this Stackoverflow discussion which may be useful. The key points, from my understanding in reading, is to be sure to authenticate the user and also to ensure the absolute path is being used, as opposed to relative.

Interesting, yet potentially scary topic.

Posting to the forum is only allowed for members with active accounts.
Please sign in or sign up to post.