I've changed the permissions on my uploads directory to 722 instead of 755, making it write only. This works great for keeping uploads invisible from the web while still allowing the script to work. If I want to open the uploaded files I get at them through my hosting provider's control panel.
This seems to be a pretty good solution. Are there any potential problems with this that anyone can see? Or better ways of hiding uploaded files?
Thank you,
Jason Champion
That is the right idea. If you see one of my earlier posts regarding permissions, I stress the fact that all you need to make sure is that the user account running the webserver process has proper permissions to read/write the required directories and files. You should be using the lowest possible permission level that will allow you to do this.
Also, it is critical that you set the file upload directory to _not_ have execute permissions. If it does, then the evil doers can easily upload and execute scripts that could potentially give them full access to your directories and even your server (in some extreme cases).
So yeah, it seems like you have this covered.
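Added example, not part of either post above: a POSIX shell check for the two points raised in this thread, namely what each class of user can do in a directory with a mode such as 722 or 755, and whether any file under it carries an execute bit. The function names are made up for this example, and the directory is whatever path you pass in.

```shell
#!/bin/sh
# Added example: audit an upload directory's permission bits.

# Octal permission bits of a path as three digits (GNU stat, then BSD stat).
mode_of() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    m=$(printf '%03d' "$m")
    case $m in ????) m=${m#?} ;; esac   # drop any setuid/setgid/sticky digit
    echo "$m"
}

# What one octal digit allows on a DIRECTORY (the bits mean something else on files):
# r = list names, x = reach entries by name, w only takes effect together with x.
dir_access() {
    d=$1; out=""
    [ $((d & 4)) -ne 0 ] && out="$out list"
    [ $((d & 1)) -ne 0 ] && out="$out traverse"
    [ $((d & 3)) -eq 3 ] && out="$out create/delete"
    out=${out# }
    echo "${out:-none}"
}

# Regular files under the directory that carry any execute bit (portable -perm form).
exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# One line per class, then the execute-bit check.
# Returns 0 if clean, 1 if any file has an execute bit, 2 if the path cannot be read.
audit_uploads() {
    m=$(mode_of "$1") || return 2
    o=${m#??}; u=${m%??}; g=${m#?}; g=${g%?}
    echo "mode  $m"
    echo "owner $(dir_access "$u")"
    echo "group $(dir_access "$g")"
    echo "other $(dir_access "$o")"
    bad=$(exec_files "$1")
    [ -z "$bad" ] && return 0
    echo "files with an execute bit:"; echo "$bad"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/uploads
if [ -n "${1:-}" ]; then audit_uploads "$1"; fi
```

For mode 722 the report shows full access for the owner and `none` for group and other, because on a directory the write bit has no effect without the execute (search) bit.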