  1. #1
    SitePoint Zealot

    Storing uploaded images outside of the html/www folder?

    Many security guides recommend that you store uploaded files in a folder not inside the folder containing your pages that are accessible from the web.

    Is this also true for uploaded images? I allow some of my users to upload images that are something like forum avatars. It seems that storing these images outside of the www root would force me to move the files inside of the www root to be viewed. I am not really sure if that is necessary or if this is a best practice here for images like this. I currently store the filename and the file path in a database table.

    Any thoughts on this? Can you easily display images that are not in the www/html folder?

  2. #2
    ralph.m
    I don't think there's any point in thinking like this, because if an image is viewable in a browser, then people already have access to it and can download it. Storing files above the server root is more for system files that help the site run but aren't displayed publicly. (I doubt it's even possible to store usable images above the root folder, but I'm not well enough versed in all that to be sure.)

  3. #3
    SitePoint Zealot
    I think the idea is that the file is not executed if it somehow contains malicious code (like in a comment or through some other means) because the server won't interpret it, even if an attacker knows where the file is located. I am also not very proficient here, so this may be more security than is needed for images meant to be displayed.
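
One way to display avatars kept outside the web root, as an added example that is not part of the thread: a request handler looks the file up by its stored name and returns the bytes itself, so the web server never maps the upload to a URL or interprets it. Python is used for illustration; the function names, the accepted image types and the sample files are assumptions.

```python
import tempfile
from pathlib import Path

# Leading bytes of the image formats accepted for avatars (assumed set).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

def sniff_image_type(data):
    """Derive the MIME type from file content, never from the file name."""
    for magic, mime in SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None

def serve_avatar(upload_dir, stored_name):
    """Return (status, headers, body) for a file kept outside the web root."""
    base = Path(upload_dir).resolve()
    target = (base / stored_name).resolve()
    # Refuse names that leave the upload directory (../, absolute paths, symlinks).
    if base not in target.parents or not target.is_file():
        return 404, {}, b""
    body = target.read_bytes()          # bytes are read and sent, never executed
    mime = sniff_image_type(body)
    if mime is None:                    # not an accepted image, whatever its extension
        return 404, {}, b""
    headers = {
        "Content-Type": mime,
        "Content-Length": str(len(body)),
        "X-Content-Type-Options": "nosniff",  # browser must not re-guess the type
    }
    return 200, headers, body

def demo():
    """Constructed sample files: a PNG header with script text, and a bare script."""
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root) / "uploads"  # stands in for a folder beside the web root
        uploads.mkdir()
        (Path(root) / "secret.txt").write_text("not an upload")
        marker = b"<?php /* constructed marker */ ?>"
        (uploads / "a1.png").write_bytes(b"\x89PNG\r\n\x1a\n" + marker)
        (uploads / "a2.png").write_bytes(marker)
        names = ("a1.png", "a2.png", "../secret.txt")
        return {n: serve_avatar(uploads, n)[0] for n in names}

if __name__ == "__main__":
    print(demo())
```

The first sample still carries script text after its PNG header, and it is returned as `image/png` bytes; nothing in this path hands the file to an interpreter.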

