SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Addict
    Join Date
    Aug 2002
    Posts
    385
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Securely upload files on a share server

    Hello, is it true that the only way to securely upload files on a shared server is by using ftp functions instead of using move_uploaded_file(); with a 0777 directory permission?

  2. #2
    SitePoint Addict
    Join Date
    Oct 2004
    Location
    Brooklyn, NY
    Posts
    359
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your question is too assumptive and self-contradictory. Can you rephrase?

    (Or, just state your problem, and we can offer solutions.)
    Chris Shiflett
    http://shiflett.org/

  3. #3
    SitePoint Addict
    Join Date
    Aug 2002
    Posts
    385
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Let me rephrase:

    1. Is using ftp functions to upload a file with a php script makes sure only the owner of the dir can upload, provided the upload dir has 0700 permissions?

    On another note:

    2. Is an upload dir with 0755 permissions secure enough to only allow a php script to upload a file as long as that script is residing in the owner's account? Or will it also allow other server-wide users to upload files in it?

  4. #4
    SitePoint Addict
    Join Date
    Apr 2005
    Location
    San Diego, CA
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you use an html form to upload a file it typically goes to the file upload directory, on linux php use /tmp as the default. It is then up to your script to move the file to it's destination directory. The directory must be writable by the server user (ex. apache or nobody). This means the destination directory has the least security possible but if it's only holding public images then the threat is minimal but not non-existent.
    I study speed waiting. I can wait an entire hour in 10 minutes.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •