I am very worried about assigning 777 permissions to anything that is uploaded via a PHP script. I own a dedicated server running CentOS with cPanel.
I read somewhere that assigning the apache or nobody ownership to the upload folder is a good security measure. I did try assigning nobody to the upload folder using:
chown -R nobody uploads
chmod -R 770 uploads
It looks like it is not working for me. Here are the problems I have...
Even though now apache is only able to write and there are no world permissions, when I point to
http://url/folder the file contents are listed. I don't want anybody to see what's inside the upload folder. It should get a forbidden error, shouldn't it?
I am confused here...
What's the best way of securing upload folders?
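An added example, not part of the original post: a shell audit of an upload folder for the three things the question touches on, namely world-writable entries (777), execute bits on uploaded files (which `chmod -R 770` sets), and directory listing, which Apache decides through its `Indexes` option rather than through file modes. The function name and finding labels are hypothetical, and the listing check assumes the option is set in the folder's own `.htaccess`; it cannot see the server's main configuration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Prints one finding per line; prints nothing when no issue is found.
audit_upload_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR not-a-directory $dir"; return 2; }

    # 1. Entries writable by "other", e.g. mode 777 or 666.
    #    Symlinks are skipped because their own mode bits are not enforced.
    find "$dir" ! -type l -perm -0002 | while IFS= read -r p; do
        echo "WORLD_WRITABLE $p"
    done

    # 2. Regular files carrying any execute bit. A recursive "chmod -R 770"
    #    sets owner and group execute on every uploaded file; directories
    #    need that bit for traversal, plain uploads do not.
    find "$dir" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
    while IFS= read -r p; do
        echo "EXECUTABLE_FILE $p"
    done

    # 3. Directory listing. The web server's user can read the folder
    #    (it has to, in order to serve the files), so listing is governed
    #    by Apache's Indexes option. Assumption: it is turned off in this
    #    folder's .htaccess with a line such as "Options -Indexes".
    if ! grep -Eqi '^[[:space:]]*Options[[:space:]].*-Indexes' \
            "$dir/.htaccess" 2>/dev/null; then
        echo "NO_HTACCESS_INDEXES_OFF $dir"
    fi
    return 0
}

# Usage: sh audit_uploads.sh /path/to/uploads
if [ $# -gt 0 ]; then
    audit_upload_dir "$1"
fi
```

An `.htaccess` setting only takes effect where the server's `AllowOverride` permits `Options`; when listing is disabled in the main configuration instead, the third finding can be disregarded.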