uploaded images, file permissions, security etc... |
[eluser]Unknown[/eluser]
hi, i'm new to this forum so this is my first post ok so i have a question or two about security regarding this situation so users have an option to upload theirs images thru some flash uploader to some directory on the server. my main concern is about security of this directories. The application is gonna run on shared hosting so lets say directory structure is gonna be smthn like this /uploads/user_id/avatar/ /uploads/user_id/thumbs/ /uploads/user_id/... so permissions on this folders should be 644 right ? what else should i be considering ? i was thinking not to fully disclose tr00 server path so i was thinking some mod_rewrite for this paths ? i dont have much experiences on this field i allways bypassed security problems by generating static .html files but this time i have no other option then suck it up and be a tr00 geek So any suggestions ? thnx swirm
[eluser]resolv_25[/eluser]
Well, there is no answer in 2 sentences. Here is some good advice related to CI and directory placement. http://ellislab.com/forums/viewthread/125687/ Others config files shall also not be visible to public. If files shall be executable, it shall be 755, if it is kind of css may be 644. If you are creating files read&write;for your users, might be 644 or 744 when read&write;&executable;. Good luck. |
Welcome Guest, Not a member yet? Register Sign In |