Ownership/permissions of uploaded files

Posted by Cudos on Server Fault See other posts from Server Fault or by Cudos
Published on 2011-01-06T16:11:30Z Indexed on 2011/01/06 16:55 UTC
Read the original article Hit count: 229

Filed under:
|
|

Hello.

I want to find out if I am on the right track.

My script uploads files to the directory "images". The directory has this setup:

  • owner/group = www-data
  • Permissions = 700

Questions:

  • Is this a good way to secure the directory from a hacker uploading files?
  • Will the hacker be able to upload the files directly to the directory?

Note: I have a bunch of other security measures in my upload script + an .htaccess script in the directory that disables script Execution. I just what to know if the permissions on the directory is sensible.

I run apache 2.2

© Server Fault or respective owner

Related posts about apache

Related posts about security