[AndrewD]

Quote:

Originally Posted by Golzarion

I haven't installed yet. but I'm going to use it...

1. Should I create " download" folder with Permission 777 ?

If yes ... I had some problem with folders by 777 permision... because these folders are not safe .

and anyone have the full permission to access the folders ! and probably can hack the site !! or cause other problems...

how is the security ?

thank you.

If you want an absolutely secure site, then you must give people the absolutely minimum access that they need. However, if you want to let them share files, then there has to be somewhere to store these files. vbulletin's standards solution (for attachments) of storing the contents of the files in the database is fine for a relatively small number of relatively small files, but is not useful for a general purpose file exchange site.

You should certainly think carefully about where you create the upload/download folder and what types of file you will allow people to upload. But there's no need to open up your entire site. Giving open access permissions to a folder does not mean that you are giving people freedom to do anything they like. They still have to gain access.

Your web server has to be able to create and then read the files and directories in which the uploads are stored. This means that it has to be writeable by PHP. The easiest way to do this is CHMOD it 777, although some other mode may be possible depending on how your server is built.

Generally, it is not recommended that folders that are CHMODed 777 are stored within your web root. LDM works perfectly well if the upload/download folder is located above the document root, provided other security settings on your server allow this. (This prevents people from having any direct access) You tell LDM whereabouts things to be stored (outside the web root/inside the web root) by using the <em>local_file_root</em> and <em>local_file_root_prefix</em> settings in LDM's admin settings page.