lammy
Posts: 49
|
| Posted: 11/12/2008, 9:40 AM |
|
Hi All
Not sure if this right place to post but any help would be appreciated, I'm not an expert on PHP,
Problem I have a picture uploader in my website, that has the temp upload directory. I have been contacted by my service provider stating that there has been a breach in security of this folder and a third party has uploaded some seriously bad files.
They have told me to check my scripts as this could be the breach and also set my directory security from 777 to 755 or 764.
1. Could there be a security breach possible within the script code of CCS
2. How do I change my directory security to 755
all help appreciated as this is quite worrying.
Cheers
Lammy
|
 |
 |
melvyn
Posts: 333
|
| Posted: 11/12/2008, 10:47 AM |
|
First: you must know how to use an ftp program. Login and change the permissions using it. That's not a codecharge issue.
Regarding file upload, you must be very careful. Only allow *jpg and *png to upload. Don't allow any other file type to upload. If some user uploads a .php file, that user can run whatever he/she want.
See "Allowed File Masks" and "Disallowed File Masks"
_________________
Melvyn Perez
Puro Codigo
http://purocodigo.com |
|
|
|
|
