Ownership/permissions of uploaded files
Posted
by
Cudos
on Server Fault
See other posts from Server Fault
or by Cudos
Published on 2011-01-06T16:11:30Z
Indexed on
2011/01/06
16:55 UTC
Read the original article
Hit count: 229
Hello.
I want to find out if I am on the right track.
My script uploads files to the directory "images". The directory has this setup:
- owner/group = www-data
- Permissions = 700
Questions:
- Is this a good way to secure the directory from a hacker uploading files?
- Will the hacker be able to upload the files directly to the directory?
Note: I have a bunch of other security measures in my upload script + an .htaccess script in the directory that disables script Execution. I just what to know if the permissions on the directory is sensible.
I run apache 2.2
© Server Fault or respective owner