Uploading an Image - Secure? - PHPBuilder Forums

Uploading an Image - Secure?

rex3

Hi, I was wondering whether having the destined folder which captures in the uploaded images set to 0777 chmod is secure at all.

I have made a form that captures information and a image file, the info gets sent to the mysql database and the image get uploaded into a certain folder. I was wondering whether having it chmodded 24/7 so i can allow the public to upload images is secure.

If it's not can any one tell me how else you would allow people to upload images into a folder securely. Also the chmod function doesn't work for some reason, when i use that function, an error occurs saying "operation not permitted".

please help.

Thanks

MarkR

Enabling "world" write access to a directory will not enable people to write to a directory if they don't have any mechanism to do so.

Normally people won't.

It would be VERY dangerous if they could, as there would be nothing stopping them from uploading a .php file and then having it executed by the server (unless you'd blocked that somehow in your Apache config)

Mark