hi. I am making a website in which clients will upload their files to my website. I have already got a php script for it, its called "File Thingie" (I know, stupid name but great script). The way it will work: I will create a few usernames and passwords. I will require a login page for anyone who wants to upload things. They will need to call me and I will give them their unique username and password. Then, they will use that to upload their stuff. BUT I am concerned about hackers having access to my server. I have been reading a lot about this and different websites say different things about making it hacker proof. The easiest solution that I came across is below. I got this from some website: "The best way of handling file uploads securely is rather than giving writable permissions to users, is to allow the writable permission to apache itself. In this way the apache server has writable permission rather than the user. Just chown the writable folder to apache or nobody and assign 770 permission. In this way the public has no access to read or write or execute permissions in the uploads folder. You will notice that apache has rwx and so as the owner. You can safely place the upload folder inside www folder without any concern. chown -R apache uploads chmod -R 770 uploads " I dont quite understand all this technical jargon, but is my understanding correct? if I paste the 2 lines in my .htaccess, then I am safe? I won't have to do anything with the php code itself? I dont know guys, I am tired of searching. If you know something better than File Thingie, something more efficient, let me know. Maybe it's better if I don't require login?