Security problem: directory with 0777 access 1

[elck]

Hello.

In order to allow my visitors to uload .jpg pictures to my site I have created a directory with access rights set to 0777.
This is the only setting that I got working.

Now this directory is a target for hackers.
They managed to create a directory under that directory and put stuff there with malicious intend.

How can I prefend that? Is there an other chmod setting or do I have to change the access right in the upload script?

Thanks,

elck

 

[KarveR]

create the upload directory from within PHP, this way it will be owned and readonly by your webserver (apache), this removes the need for it to be 0777. (it should end up as 755 or less)

Because apache created it, apache can write to it, and read from it

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[elck]

Thank you, that seems to be the perfect solution!

 

[sleipnir214]

Or more generally, simply make sure that the user as which Apache runs is the owner of the directory, and make sure that user has permission to write.

Want the best answers? Ask the best questions!

TANSTAAFL!!