Results 1 to 6 of 6
-
06-15-2008, 07:39 AM #1Junior Guru Wannabe
- Join Date
- Jun 2008
- Posts
- 49
Upload folder security, how do I achieve this?
Well on my VPS if I dont set the permissions 777 of the temp and the final upload folder, move_uploaded_file just doesnt work.
So I have set it to 777. But then 777 permissions now pose a threat where some hacker can screw my system.
How can I prevent this from happeing ??
Imoracle
-
06-15-2008, 10:23 AM #2Temporarily Suspended
- Join Date
- Apr 2008
- Location
- USA & Germany
- Posts
- 194
Did you set the sticky-bit for temp-folder?
chmod +t TEMP-FOLDER
-
06-15-2008, 10:28 AM #3Junior Guru Wannabe
- Join Date
- Jun 2008
- Posts
- 49
So a sticky bit on my temp folder and also on the final upload destination folder will do the trick?? is it??
-
06-15-2008, 10:36 AM #4Temporarily Suspended
- Join Date
- Apr 2008
- Location
- USA & Germany
- Posts
- 194
A sticky-bit makes directories and files created in that folder that are only removeable by the user who created them.
What kind of upload-service do you mean, php-based? If yes, then you might take a look at suphp, which runs php-scripts und creates thoose uploaded files as a specific user.
-
06-15-2008, 10:39 AM #5Junior Guru Wannabe
- Join Date
- Jun 2008
- Posts
- 49
Well my service is where users can upload audios and videos and then they will be streamed from there.
But my only doubt is how do i make it 100% secure so that no one can delete the audios and videos from there. Is there any 100% secure way of doing it.
I will take a look at suphp. Never heard about it.
-
06-15-2008, 10:55 AM #6Temporarily Suspended
- Join Date
- Apr 2008
- Location
- USA & Germany
- Posts
- 194
Make sure you check the uploaded files, that these uploads do not contain a script or executable. Deactivate unnessesary functions in php like exec, shell_exec, etc. in php.ini with parameter "disable_functions".