SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Enthusiast
    Join Date
    Sep 2000
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    File Uploads - 777 - security

    Hello,

    I have created a passworded "Control Panel Area" for a site owner to manage the site through a limited CMS. One feature that I added was for the owner to upload files through a script I downloaded and modified.

    The script will upload files to a folder (chmod 777). These files need to be accessed by the general public. I believe it is not wise to have a folder set with these permissions in a non-restricted area (?). The files are currently not available since they are located in the passworded "Control Panel".

    What would be the best approach to making these files available to all?

    Current setup:

    /control/ (passworded folder)
    /control/files/ (uploaded files: chmod 777)


    Thanks,
    Andrew

  2. #2
    SitePoint Member panda's Avatar
    Join Date
    Mar 2003
    Location
    Melbourne, Australia
    Posts
    19
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why do the uploaded files need to be chmod 777?

    Anyway, what exactly are you concerned about? It's not like random users can upload files to your web server (unless there are untrusted users with accounts on the server eg. other webmasters with php).

  3. #3
    SitePoint Enthusiast
    Join Date
    Sep 2000
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The script requires the folder to be chmod 777.

    Access to the uploading script will be passworded.

    I was just wondering if it is safe to have a folder set to 777 in a non-restricted area. Is there anything to be worried about?

  4. #4
    SitePoint Guru okrogius's Avatar
    Join Date
    Mar 2002
    Location
    US
    Posts
    622
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your prime concern may be that if your client is on a shared server, other users on it may be able to write to this folder if it's chmod'ed 777.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •