Ok folks…I’m a bit puzzled. I see everywhere that I need to make the upload directory world writable (not something I’m wild about) however, I see in this thread about inline-uploading.php which seems to check user profiles…
So why won’t something like 665 or 666 work on the directory security? Or for that matter why not 770 since apache pulls the info with user www-data which is declared as the group owner of the directory.
Or am I just missing something? I’ve thought to use something like a “<Limit POST>” statement in the httpd.conf for that directory so that everyone can read the directory/pictures but you get prompted for a password if you wish to upload. Does inline-uploading.php not use POST? This way I can also force the uploading over SSL in addition to the password.
/brian chee
