Re: [PHP] File Upload Security and chmod



I may have hit "send" too soon...

Like, when you do FTP, do you see:

index.htm
page2.htm
page3.htm

right away?

*OR*, do you see:
public_html

And then you do "cd public_html" and THEN you see the files?

If you don't do "cd public_html" then I really don't think accepting
file uploads is a Good Idea, unless you have access to /tmp or
something to put the files in...

If you do "cd public_html" then you actually HAVE space outside your
webtree. Just do "mkdir uploads" and "chmod 777 uploads" *BEFORE* you
do "cd public_html" and you'll have an uploads dir outside the webtree
where you can put stuff.

NOTE:
Some fancy FTP tools like DreamWeaver and whatnot will convince you to
put "public_html" into some input box somewhere, to give you the
convenience of not needing to "cd public_html" -- which then means you
never *SEE* that you have space outside your webtree... Stop doing
that. An extra click or whatever to get into public_html is not that
big of a deal.

On Fri, September 22, 2006 7:21 pm, Andy Hultgren wrote:
So pretty much there's nothing to be done about it? If I can get the
chmod thing to make it so that you can't surf to your uploaded image
afterwards and view it, I'd be happy with that solution. I'd like to
stick with this host if I could.

On 9/22/06, Richard Lynch <ceo@xxxxxxxxx> wrote:
On Fri, September 22, 2006 3:58 pm, Andy Hultgren wrote:
that as my root directory is simply www.myDomain.com and not
".public_html/" and I am on a shared server where my root cannot
be

I got two words for you:

Change Hosts

--
Like Music?
http://l-i-e.com/artists.htm




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
Like Music?
http://l-i-e.com/artists.htm
.

Relevant Pages

  • Re: Cannot overwrite file using IIS FTP v6.0?
    ... it uploads a screenshot from itself once every 60 seconds. ... Not much help I guess but all moot now as I have removed the FTP Service ... A compliant FTP server will do that in only one case - and that's when the ... If your application used the "STOR" command, you would find that IIS would ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: FTP utility wanted
    ... :> need to do a fair amount of ftp _uploads_ to a server. ... Even an obsolete distro like Redhat 9 ... Stan Bischof ...
    (comp.os.linux.misc)
  • Re: OT: Backup software
    ... I am currently running a automated backup proceedure which ... automatically during various times of the day and night, uploads a ... However, in order for it to restore the data on its own, it will only ... I can view the contents of the drive offsite as something like an FTP ...
    (uk.comp.homebuilt)
  • Re: Determining FTP root folder from path?
    ... I had consider using PHP file uploads and certainly that could be done. ... Perhaps I need to ask for the FTP username and password in the application ... >> Is there a reliable way to determine site root from path? ...
    (comp.lang.php)
  • Re: Firefox or Opera as FTP program?
    ... Opera and Firefox only do FTP for downloads, not uploads. ... are one or two Firefox plugins that can handle uploads, ...
    (alt.html)