damian
Posts: 838
|
| Posted: 02/03/2009, 5:56 PM |
|
how do i secure my file upload directories - both temp and final location after setting 777 permissions on them?
can someone upload a php file and execute it?
_________________
if you found this post useful take the time to help someone else.... :)
|
 |
 |
datadoit
|
| Posted: 02/03/2009, 6:24 PM |
|
Not if you don't allow them to upload PHP files.
|
|
|
|
datadoit
|
| Posted: 02/03/2009, 6:29 PM |
|
Oh, and never ever ever never ever set 777 permissions on uploaded
files. 644 at the most.
How do I keep someone from stealing my car after I leave it unlocked
with the keys in the ignition? :)
|
|
|
|
damian
Posts: 838
|
| Posted: 02/03/2009, 6:35 PM |
|
i had never got nay other combination to work prev. maybe i never tried 644? will test now.
if i have 777 on a folder can someone upload to it by methods other than my application?
_________________
if you found this post useful take the time to help someone else.... :)
|
|
|
|
damian
Posts: 838
|
| Posted: 02/03/2009, 6:48 PM |
|
at 644 i cannot upload...
at 744 i can upload but cannot view my files....
_________________
if you found this post useful take the time to help someone else.... :)
|
|
|
|
datadoit
|
| Posted: 02/04/2009, 10:46 AM |
|
Check to see who's owning the uploaded files. Should be apache (?).
|
|
|
|
