在设置文件夹的上传权限777安全？ [英] Is setting the uploads folder 777 permission secure?

问题描述

我已经看到了很多的上传形式砍死，而一些原本被上传文件的一些很好的安全检查（至少我是这么认为的），但仍然有人设法上传的PHP文件。

I have seen a lot of upload forms hacked, and some had some really good security checks of the file being uploaded (at least I think so), but still somebody managed to upload a PHP file.

我想知道：是有上传在具有777权限的文件夹上传一个文件的方法吗？我想到的是使用HTTP PUT的。

I was wondering: is there is a way to upload a file in the uploads folder that has 777 permissions? I am thinking of using HTTP PUT.

推荐答案

在一般777大约是的不安全的，因为它得到...这意味着任何人都可以读取和写入文件。

In general 777 is about as insecure as it gets... that means anybody can read and write to your files.

HTTP PUT本身并不比任何HTTP POST更安全，如果你允许上传的文件到您的服务器上exceuted。

HTTP PUT isn't inherently any more secure than HTTP POST if you're allowing the uploaded files to be exceuted on your server.

总的来说，如果你的是的允许任意的文件执行，你需要做非常好的文件，检查服务器端，并在服务器上使用的chroot将是明智的。

Overall, if you are allowing arbitrary files to be executed you need to be doing very good file checking server-side, and using chroot on the server would be wise.

权限明智的，我一般都设置任何网络访问644通过服务器用户所拥有。

Permission-wise, I generally set anything web-accessible to 644 owned by the webserver user.

这篇关于在设置文件夹的上传权限777安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！