Hey, guys. Me again. I'm a little fuzzy on PHPs permissions on a shared hosting environment. It seems like PHP has Owner rights to a file. In my script I can create files and directories with PHP, but the permissions seem to be set such that I can't actually delete them via my FTP client, as I seem to be part of the Group, not the Owner. This forces me to set permission to include Group access.

For security, I am holding sensitive information in my home directory which, of course, is before the www directory. The files are accessed via a PHP script which parses the URL to determine which file to serve, but the URL itself doesn't actually point to the file. Is this a secure way of doing things? Even if I have to set the files to be accessible by Group?

I plan to get a dedicated server so the Group thing may not be an issue. In that case, would you recommend I have two servers, one running the database and one that I FTP files to and from? Furthermore, would a dedicated server allow me to have an account with the same Owner access as PHP? Or is that root?

Thanks! I am just really concerned with using the best security I can.