vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   How to secure upload folder? (https://vborg.vbsupport.ru/showthread.php?t=310301)

popup 04-07-2014 08:43 PM
How to secure upload folder?
 
I have all my attachments in a /webroot/uploaded folder. The permission to the foler is drwxr-xr-x at the moment. However this does not allow me to upload any attachments. On the onther hand I fear to assign 777 to the folder, fearing that it might open a hole to exploit.

So I am wondering what is the proper way to secure the upload folder?

RichieBoy67 04-07-2014 08:53 PM
Set the upload folder to 777. It is just a directory so there is not much that can be done to "exploit" it.

popup 04-07-2014 09:04 PM
Ů‹Richie, I'm not an expert but I've read that it is not a good idea to give 777 to any of the folders. The general recommendation for folders is 755 or 644.

RichieBoy67 04-07-2014 09:36 PM
Well yeah, most folders should be at 755 with files being at 644 but upload folders need write access. In other words, your site needs to be able to write to it. It cannot do that without write access.

It also depends on your server. Not all use 777.

You should be fine with your upload folder set at 777.

BTW - The fact that your site was hacked had nothing to do with an upload folder. :)


All times are GMT. The time now is 03:45 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01033 seconds
  • Memory Usage 1,706KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete