设置上传文件夹 777 权限安全吗? [英] Is setting the uploads folder 777 permission secure?

问题描述

我见过很多上传表单被黑，有些对上传的文件进行了一些非常好的安全检查(至少我是这么认为的)，但仍然有人设法上传了 PHP 文件.

I have seen a lot of upload forms hacked, and some had some really good security checks of the file being uploaded (at least I think so), but still somebody managed to upload a PHP file.

我想知道:有没有办法在上传文件夹中上传具有 777 权限的文件?我正在考虑使用 HTTP PUT.

I was wondering: is there is a way to upload a file in the uploads folder that has 777 permissions? I am thinking of using HTTP PUT.

推荐答案

总的来说，777 几乎不安全...这意味着任何人都可以读取和写入您的文件.

In general 777 is about as insecure as it gets... that means anybody can read and write to your files.

如果您允许上传的文件在您的服务器上执行，则 HTTP PUT 本质上并不比 HTTP POST 更安全.

HTTP PUT isn't inherently any more secure than HTTP POST if you're allowing the uploaded files to be exceuted on your server.

总的来说，如果你允许执行任意文件，你需要在服务器端做好文件检查，在服务器上使用 chroot 是明智的.

Overall, if you are allowing arbitrary files to be executed you need to be doing very good file checking server-side, and using chroot on the server would be wise.

在权限方面，我通常将任何可通过网络访问的内容设置为网络服务器用户拥有的 644.

Permission-wise, I generally set anything web-accessible to 644 owned by the webserver user.

这篇关于设置上传文件夹 777 权限安全吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！