You don't need to give world access to your files, why do you think so? If your virtual server space use SuExec, then every file uploaded to your space will be owned by you (your user on that server). Can you explain better your setup and what you think is a problem?

Abigail

Never saw that solution - does Apache (standard configuration) support PUT? What's the advantage? Not needing perl?

I've no idea whether it supports put. I'd be surprised if it doesn't, but I'd be surprised if it does without configuring it. As for the advantages, advantages over what? The advantages over an HTML form upload seems obvious to me, why deal with multiple protocols, if you can do with one?

Abigail

HTML file upload from a form.

What does "write access for the process that writes to that directory" mean?

Thanks.

What does "write access for the process that writes to that directory" mean?

Uhm, it means just that. At one moment in time, the server receives an HTTP request, and it contains the content of a file. Somehow, this file needs to be written to disk. This can be done by the server (or one its children), for instance because mod_perl is used. Or the server can hand it off to a different process (for instance, because CGI is used). Anyway, eventually, there is a process that will do the writing. That process needs to have write permission in the directory.

Abigail

Just out of curiosity, why don't you want the images to be stored in the database as BLOBs?

- - arden.

Just out of curiosity, why don't you want the images to be stored in the database as BLOBs?

Purely practical: my hosting company makes a distinction between "disk space" and "database space." I get a LOT more "disk space."