为上传文件夹提供这些权限是否安全? [英] Giving upload folder these permissions safe or not?
问题描述
我有一个带有图片脚本的分类广告网站,用于将图片上传到广告上.
I have a classifieds website with a picture script for uploading pics onto the ads.
图片已上传到图片"目录.
The pics are uploaded to the "images" dir.
执行此操作的php代码需要对我正在猜测的目录具有写权限...
The php code which does this requires write access to the directory I am guessing...
那么,您将对php upload file
和images
目录设置什么权限?
So, what permissions would you set to the php upload file
, and the images
directory?
我这样想:
drwxr-xr-x
安全/好还是不好?
谢谢
ALSO,另一个简短的问题:我应该将我的网站文件owned
和username
保留在一起,还是将我的网站文件owned
保存到root
中?
ALSO, another short Q: Should I have my websites files owned
by the username
I have, or should I keep them owned
by root
?
推荐答案
drw-r--r--(644).请注意用户能够将php/其他脚本和可执行文件推送到您的服务器上.
drw-r--r-- (644). Be careful with users being able to push php/other scripting and executable files up to your server.
请小心用户将js和html文件推送到您的网站.
Be careful with users being able to push js and html files up to your website.
由您的网络服务器用户名拥有.不要创建没有业务所有权的根拥有文件. Root是管理员,而不是您的Web服务器.
Owned by the username you have for your webserver. Don't make root own files it has no business owning. Root is the adminstrator, not your webserver.
在php.ini文件中查找upload_tmp_dir =
Have a look in your php.ini file for upload_tmp_dir =
这篇关于为上传文件夹提供这些权限是否安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!