  1. #1
    Join Date
    Aug 2005
    Location
    EIB Network
    Posts
    474

    * Simple ? about upload folder

    Is it really unsafe to have an upload folder on a server that is chmodded 777? I have an image gallery script that users can upload images to. And the images are placed in an 'uploads' folder that is chmodded 777. What can I do to make this safe if it is a security risk? Would there be any problems if I moved it outside the public web directory? Thanks!
    People train run out of Stubville.

  2. #2
    Join Date
    Feb 2003
    Location
    Albany, New York
    Posts
    3,026
    No, you can do that....then just call the image from its location and it should work fine.

  3. #3
    Join Date
    Aug 2005
    Location
    EIB Network
    Posts
    474
    Quote Originally Posted by Carp
    No, you can do that....then just call the image from its location and it should work fine.
    Not sure which question you are saying No to. If you could elaborate, I would greatly appreciate it! Thanks.
    People train run out of Stubville.

  4. #4
    Join Date
    Feb 2003
    Location
    Albany, New York
    Posts
    3,026
    Sorry...I wasn't answering any question there.


    Yes, you can store them in a directory that is not visible on the web.

  5. #5
    Join Date
    Nov 2005
    Posts
    282
    Or you can make sure the MIME type of the file is valid, i.e. don't allow them to upload .php files.

    You can store them a level below the webroot if you want. The risk of 777 can come from other users on the same server if the hosting provider did not set up the server correctly.
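
The two suggestions in the posts above (check the file type, store uploads outside the web root) combined in one sketch. This is an added example, not code from any poster in the thread; it is written in Python for illustration, and the accepted image types, the function names and the storage directory are assumptions.

```python
import os
import secrets

# Leading bytes of the image types the gallery accepts (assumed set).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

def sniff_extension(data: bytes):
    """Return the extension implied by the file's content, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None

def store_upload(data: bytes, client_name: str, store_dir: str) -> str:
    """Validate an upload and save it in store_dir, which should live
    outside the web root and be writable only by the web server's user."""
    ext = sniff_extension(data)
    if ext is None:
        raise ValueError("not an accepted image type")
    # client_name is untrusted ("x.php", "../../x") and is never used in
    # the path. The server picks a random name and a known-safe extension,
    # so even a file with script text hidden after a valid image header is
    # stored as an image and is not reachable by URL.
    path = os.path.join(store_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite an existing file; 0o640 grants no access
    # to other users and sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o640)  # set explicitly so the result ignores the umask
    return path

def world_writable(path: str) -> bool:
    """True if users other than the owner and group can write to path."""
    return bool(os.stat(path).st_mode & 0o002)

if __name__ == "__main__":
    import tempfile
    store = tempfile.mkdtemp()  # stands in for a directory above the web root
    os.chmod(store, 0o750)      # owner rwx, group r-x, others nothing
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # constructed sample upload
    print(store_upload(png, "holiday.php", store), world_writable(store))
```

Images stored this way are served by having the gallery script read the file and send it with the matching Content-Type, as the second post suggests.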

  6. #6
    Join Date
    Aug 2005
    Location
    EIB Network
    Posts
    474
    Well I am on a dedicated server... so does that mean a folder that is 777 is only exploitable by a script running on MY server?? Thanks!
    People train run out of Stubville.
