csv security
Results 1 to 6 of 6

Thread: csv security

  1. #1

    csv security

    Hello

    Ok so heres the rundown. I just got a job as a webmaster, first order of buisness is to start a mailing list. All I have to work with for a few months is php. (mySQL won't come around till later for reasons i have yet to find out)

    So heres the deal, I don't have my code finalized yet, and it's at work. But here is the concept-

    Enter a bunch of address info on form->
    write to CSV excel file...

    simple enough right?

    What I'm worried about, is for this to work, the permissions need to be set to writable. I need some hints on how I can secure this document so nobody can do any kind of injection, flooding, or retrieve it and use the addresses to spam. I am the only one that needs to see this file, so setting the permissions for only my access is A-ok. but of course then nobody could write to it. Basically, I just need some pep talk and advice because this is the first time I am doing this for someone else. How can I make sure this doesn't get screwed up?

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Question.....if you are the only one who needs it -- why keep it on the web site? Export it to your box and then no one but you would have access to it.
    Edit: And for them to write to it, have them enter the data and then it would be automatically forwarded to your mail account for later retrieval.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  3. #3
    well, the form and php script will write to the .csv file. So temporarily it will "have" to be on the server, right? By the way this is not my box, I only have access through ftp.

    So the .csv will temporarily be on the site... at least by doing what I am now.

    Mox: I don't have email on this server... and the site is a busy one, it'll be a lot of emails. A excel spreadsheet is perfect (.csv) to copy paste the emails into an addressbook.

    That would work if: I could use another email server, if it would send the .csv and delete itself every week... Ill mess with that idea too.

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    The name of the file where the data is enter in php is hide from the actual code so the file will not be read. If you set the permission to write only (Not read) for the group everyone (Long run here), they will write it in, and they will have no way to get since they cannot read and they don't know the filename anyway.
    -Simon \"SDK\"

  5. #5
    SDK: Awesome, thanks, problem 1 solved.
    problem 2, how can I prevent flooding, and any sort of injection? I have already found str_replace to prevent commas, but is there anything else I need to worry about?

  6. #6
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    PHP Code:
    <?php
    If (basename($PHP_SELF) !== "index.php") {
    print 
    "<a href=\"index.php\"><u>De retour  l'index</u></a> - ";
    }
    else {

     
    $cpt="Counter.dat";
     
    $ip="CounterIP.dat";
     
    $myip="10.10.10.10";

     if (
    $fd=fopen($ip,"r"))
     {
       
    $ipread=fread($fd,filesize($ip));
       
    fclose($fd);
       if (
    $fd=fopen($cpt,"r"))
       {
          
    $val=fread($fd,filesize($cpt));
          
    fclose($fd);
         if (
    $REMOTE_ADDR != $ipread)
         {
           if (
    $REMOTE_ADDR != $myip )
           {
             
    $val++;
             
    $fd=fopen($cpt,"w");
             
    fwrite($fd,$val);
             
    fclose($fd);
             
    $fd=fopen($ip,"w");
             
    fwrite($fd,$REMOTE_ADDR);
             
    fclose($fd);
           }
         }
         echo
    "<p>Nombre de visite depuis 1 janvier 2004 : <b>$val</b></p>";
       }
     }

    }
    ?&
    gt
    Ok. This a code I have on my webpage. I found it on the Internet. The goal is count the number of visitor on my website. But before the count is increment, it check if the last IP is the same that the visitor IP so the same IP cannot increment the count more that one. The code check the last visitor IP with this current IP and it's not the same, increment the count.

    That will prevent flooding.
    -Simon \"SDK\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •