Hi,
This is probably a really basic answer that I should know but my mind has gone blank. I'm creating a little admin script for someone, it's in a folder that is password protected requiring authorization via htaccess.
I have one small script where they will upload images to a folder on the main site. As it's remote uploading via PHP I will need to CHMOD the recieving folder as 777. The folder would not be within the area requiring authorization but in the main web root.
My question is will those with bad intentions be able to exploit it just because it's set to 777 or will they not be able to because the upload script is in the htaccess password protected folder and thefore not accessible without the correct username and password?
Thanks in advance.
