Jump to content
Larry Ullman's Book Forums

Recommended Posts

Really enjoying your book.

 

On page 345 you mention that file uploads entail creating a folder that everyone can write (chmod 777).

 

Wouldn't the best practice be to change the owner to www-data and set chmod 755 (on Linux systems)? Would this pose similar or any security risks?

 

Would you still want to configure the .htaccess file (to restrict the folder to only make mp3s publically viewable for instance)?

Link to comment
Share on other sites

Hey! Thanks for the question. Yes, I would say it'd be a best practice to set ownership of the directory to the user that the web server runs at. This could be www-data or apache or something else. This would be more secure than just open permissions. I would still want to keep the folder outside of the web root directory and only store things there and fetch from there after proper vetting. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...