PHP File Upload Security Tutorial
56
Most PHP scripts and content management system scripts (CMS scripts) require writable permission 777 (rwxrwzrwz) to be set for certain folders for uploading photos and videos. Many security experts warn that setting 777 permission means that anybody can upload any content to your server, install malicious code, run unwanted programs and could potentially misuse your server. This is big security risk.
Hits Ironically if you implement a fileupload in your script, the upload wouldnt work for any other permissions other 777 or else your upload will fail. So you will be forced to set 777 permission for your writable folders. Alternatively, to secure your server you can implement the following checks to in your PHP script as well as in your server. Remember if you are in shared hosting plan you might be limited in running as root. The following methods help you to secure your server. |
Posted on: 2008-01-07 13:28:54 by admin
Website: www.mysql-apache-php.com
Category: Tutorials
Tags: file upload security
Visit Site
Tag Cloud
• file upload security • php file upload • php security • php image upload