Re: Apache and home directories (file browser).

From: alan (amd_at_headru.sh)
Date: 02/20/04

  • Next message: Roberto Pereyra: "dialup question ?" 
    Date: Fri, 20 Feb 2004 20:12:58 +0000
To: freebsd-isp@freebsd.org

    Please be aware that allowing uploads through php is quite insecure. A
    lot of php-Nuke hacks have been accomplished that way. google for
    security info on uploads through php.

    alan
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

  • Next message: Roberto Pereyra: "dialup question ?"

    Relevant Pages

    • Re: [PHP] File Upload Security and chmod
      ... So I've been trying to figure out where php uploads files to temporarily ... security recommendations at face value but to give them some thought, ... much larger number of bytes are a valid image. ...
      (php.general)
    • Re: [PHP] File Upload Security and chmod
      ... My host has a "tmp" dir I can use, but it ain't /tmp, and PHP ... Though if file uploads are working at all, ... much larger number of bytes are a valid image. ... A secure site is not an off/on switch. ...
      (php.general)
    • Re: [PHP] File Upload Security and chmod
      ... So I tried to implement the example code given in the php tmpfile() ... -- Uploaded files can be chmod so that nobody can read them, ... -- Since I'm only allowing image uploads, I can strictly filter which files ... So your login is allowed to read files within the directory, ...
      (php.general)
    • Re: secure file uploads and downloads
      ... Not sure if this is php related or not, but i'd like to have certain users who have the ability to upload files to my site, and others to download files. ... One flag says allow uploads, ... store their login information in the $_SESSION variable. ...
      (comp.lang.php)
    • Re: secure file uploads and downloads
      ... Not sure if this is php related or not, ... certain users who have the ability to upload files to my site, ... allow uploads, ... You could also store the flags in $_SESSION; ...
      (comp.lang.php)