On Jan 11, 2008 2:16 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
>     Make sure you change the permissions on the directory in which
> uploads are saved to be non-readable by anyone (including yourself, in
> case the scripts are suexec'd).
>
>     For example, if the directory in which you save uploaded files is
> uploads/ then just do this (on a *nix box):
>         chmod 300 uploads
>
>     That way, files can still be saved to the directory (which
> requires write and execute privileges), but the files cannot be read
> or executed via the web, and directory listing is implicitly denied
> for all protocols (and local access) to anyone except root.

The uploaded scripts must be executed via the web because it's a host...
Maybe we could prevent scripts in certain folders from seeing other
folders... (chroot?)
Do you know how to do it in Apache?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
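
The chmod 300 setting from the quoted message, as an added example that is not part of the original thread: it applies the mode and probes what the owning user can then do in the directory. The function names and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the directory used by
# demo() is a constructed temporary one, not a real upload path.

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Apply the mode from the message and confirm it took effect.
lock_upload_dir() {
    chmod 300 "$1" && [ "$(mode_of "$1")" = "300" ]
}

# Report what the current user can do inside DIR:
#   list  - enumerate entries (needs r on the directory)
#   write - create a new file (needs w and x on the directory)
#   open  - read a file whose name is already known (needs only x on the
#           directory, plus read permission on the file itself)
probe_upload_dir() {
    dir=$1
    probe="$dir/.probe.$$"
    list=no; write=no; open=no
    if ls "$dir" >/dev/null 2>&1; then list=yes; fi
    if ( echo data > "$probe" ) 2>/dev/null; then write=yes; fi
    if cat "$probe" >/dev/null 2>&1; then open=yes; fi
    rm -f "$probe" 2>/dev/null
    echo "list=$list write=$write open=$open"
}

# Lock a scratch directory, print the probe result, then clean up.
demo() {
    d=$(mktemp -d) || return 1
    lock_upload_dir "$d" || return 1
    probe_upload_dir "$d"
    chmod 700 "$d" && rm -rf "$d"
}
```

Run as the directory's owner, the probe shows that listing is denied while a file whose name is already known can still be opened; root bypasses the mode bits entirely.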
