Results 1 to 6 of 6
Thread: Simple ? about upload folder
-
02-13-2006, 01:55 PM #1Web Hosting Evangelist
- Join Date
- Aug 2005
- Location
- EIB Network
- Posts
- 474
Simple ? about upload folder
Is it really unsafe to have an upload folder on a server that is chmodded 777? I have an image gallery script that users can upload images too. And the images are placed in an 'uploads' folder that is chmodded 777. What can I do to make this safe if it is a security risk? Would there be any problems if I moved it outside the public web directory? Thanks!
People train run out of Stubville.
-
02-13-2006, 02:03 PM #2KM Carpenter
- Join Date
- Feb 2003
- Location
- Albany, New York
- Posts
- 3,026
No, you can do that....then just call the image from its location and it should work fine.
-
02-13-2006, 02:16 PM #3Web Hosting Evangelist
- Join Date
- Aug 2005
- Location
- EIB Network
- Posts
- 474
Originally Posted by CarpPeople train run out of Stubville.
-
02-13-2006, 02:55 PM #4KM Carpenter
- Join Date
- Feb 2003
- Location
- Albany, New York
- Posts
- 3,026
Sorry...I wasn't answering any question there.
Yes, you can store them in a directory that is not visible on the web.
-
02-13-2006, 03:59 PM #5Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 282
or you can make sure the mime-type of the file is valid. IE dont allow them to upload .php files.
You can store them a level below the webroot if you want. The risk of 777 can come from other users on the same server if the hosting provider did not setup the server correctly.
-
02-13-2006, 08:36 PM #6Web Hosting Evangelist
- Join Date
- Aug 2005
- Location
- EIB Network
- Posts
- 474
Well I am on a dedicated server... so does that mean a folder that is 777 is only exploitable by a script running on MY server?? Thanks!
People train run out of Stubville.