I always gave to the webserver user full permissions on these dirs:
cache/
logs/
web/uploads/
But now I am wondering if the uploads part is OK. I was thinking that maybe it would be better if I use a .tmp file for each upload, and then put them in a queue to be moved to uploads/, and do the same for deletions (the queue will be read and validated by a different user). This way, even if an attacker gets to inject malicious code, the uploads/ folder will be safe.
Answer
Your temporary file idea sounds like a fine idea to me.
Whatever directory the temporary files are uploaded to will need to be writable by the user that your code runs as (typically the webserver, especially when using mod_whatever).
Furthermore, this directory needs to be outside of the DocumentRoot. Whatever anyone uploads there should not be on the internet until it has been vetted. This keeps your server from being used in an email telling me that my logons have been disabled and I need to go to http://example.com/uploads/yourbank.php to fix it.
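One way to build the staging-and-vetting flow the answer describes, as an added example that is not part of the original post: uploads land as server-named .tmp files in a quarantine directory assumed to sit outside the DocumentRoot, and a separate step (meant to run as a different user) checks the content and only then moves the file into uploads/. It is written in Python rather than the asker's PHP, and the image-only allow-list is an assumption.

```python
import os
import shutil
import tempfile

# Constructed allow-list: content types recognised by magic bytes, kept
# to image formats so that anything resembling a script can never pass.
ALLOWED_MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF89a": ".gif",
}

def stage_upload(data: bytes, quarantine_dir: str) -> str:
    """Write an upload to a fresh .tmp file in quarantine_dir (assumed to sit
    outside the DocumentRoot). The client filename is ignored: the server
    generates the name, so nothing from the request reaches the filesystem."""
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    fd, path = tempfile.mkstemp(suffix=".tmp", dir=quarantine_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def sniff_extension(path: str):
    """Return the extension for an allowed magic number, else None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, ext in ALLOWED_MAGIC.items():
        if head.startswith(magic):
            return ext
    return None

def promote_validated(tmp_path: str, uploads_dir: str):
    """Vetting step, meant to run as a different user than the webserver:
    move a staged file into uploads_dir only if its content is allowed,
    delete it otherwise. Returns the final path or None."""
    ext = sniff_extension(tmp_path)
    if ext is None:
        os.remove(tmp_path)  # rejected: never reaches the web-served folder
        return None
    os.makedirs(uploads_dir, exist_ok=True)
    stem = os.path.basename(tmp_path)[: -len(".tmp")]
    final = os.path.join(uploads_dir, stem + ext)
    shutil.move(tmp_path, final)
    os.chmod(final, 0o644)  # readable by the webserver, writable only by the vetter
    return final
```

Only the vetting user needs write access to uploads/; the webserver account keeps write access to the quarantine directory alone.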