Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

PHP

Security issue in using PHP unlink() function

Suppose i provided a sub directory on my webserver to one of my new team mate so that he can access it via FTP. Although he just got access to that particular directory but he can delete every file on my server using the same script. unlink('/var/www/site.com/*'); Is there any way to overcome this security threat????

1 Answer

Sean T. Unwin
Sean T. Unwin
28,686 Points

There is this Stackoverflow discussion which may be useful. The key points, from my understanding in reading, is to be sure to authenticate the user and also to ensure the absolute path is being used, as opposed to relative.

Interesting, yet potentially scary topic.