Need a bit of clarification on this.
I have a folder in my web server that will contain sensitive information that no one should be able to read. My script currently does this:
makes the folder with 0777 permission and places an image in that folder
I have a second script that does this:
pulls that image from that specific folder, and shows it to the user
However, right now if the user knew the exact name of the parent folder, they can just type it in their browser and see all the images contained in that folder, like: www.testsite/test/images
What file permission can I use instead of 0777, that will allow these two scripst to write in and read in to the folder, WITHOUT allowing anyone to view the contents of the folder when typing it in their browser?
If I understand your problem correctly, you're worried about a user typing in /test/images/ into the URL bar, and seeing the directory listing containing your secret file.
Setting a chmod of 000 would mean that neither of your scripts (nor you) would be able to access the folder.
In my opinion, you'd be far better off using .htaccess with deny from all. This will make it so that you cannot 'open' any file in that folder, though you can still include them in PHP.
Alternatively, you may opt for creating an index.php in your /images/ folder, and setting an automatic redirect with header('Location: /'). This way a user wouldn't be able to see the directory listing.
Hope this helps! :)