Is it safe to make .XML feeds world writeable?
With PHP I build an XML feed on server A and “copy” it to another B. I do the “copy” by calling a PHP script on B from A by using:
$string = html_get_contents('http://www.websiteB.com/feed_copier.php');
feed_copier.php on server B then uses fwrite(‘feed.xml’, $string) to make the copy.
It works well and runs every hour as a cronjob on server A....however I have to make the feed.xml on server B world writeable (666) because I’m calling the script on B from A across the big bad world wide web.
(1) How worried should I be about having an XML file with world writeable permissions?
(2) Is there any other way around it? I have limited access to server B and the reason I copy the script over is so that if there is a problem with server A then the server B will still be able to access its feed.
