
Is it bad for a photos folder to be publicly accessible?


moose-en-a-gant


The directory shouldn't be indexed (as in going to /uploads doesn't show a directory listing) but otherwise sure. But make sure you've validated uploads very, very well.

 

A safer course would be to keep the directory private, such as by locating it outside the web root, and use a script to pass-through the information. The advantage there is that the web server plays no part in interpreting the file and your script would force everything to "be" an image - even if someone got past your validation and uploaded something different.

Edited by requinix

The directory shouldn't be indexed (as in going to /uploads doesn't show a directory listing) but otherwise sure. But make sure you've validated uploads very, very well.

 

A safer course would be to keep the directory private, such as by locating it outside the web root, and use a script to pass-through the information. The advantage there is that the web server plays no part in interpreting the file and your script would force everything to "be" an image - even if someone got past your validation and uploaded something different.

 

Yet another can of worms has been opened haha.

 

Great suggestion / advice, I'll need to look into this.

