Jump to content

Security issues with upload script

ernie

By ernie
in PHP Installation and Configuration

 Share

Recommended Posts

ernie Newbie

ernie

Posted
Posted

Hello,

 

I am currently writing a modest file upload script to automate the making of picture galleries. I plan on uploading a .zip file and then unpack that it in a folder I specify.

 

My questions:

1. I've done some reading on the net, unpacking the .zip file should go with shell_exec function right? But is this not a security risk, just having shell_exec turned on on your server?

2. I cannot chmod the folder I want to put the files in to 777, which is needed for the script to work. I assume this is because the user php is running under does not have enough permissions. Anybody got an idea how to solve this? Create a new user with more privileges and run php under that one? Another piece of coding instead of the ftp_chmod and chmod functions?

3. Is there anyone here who has a similar script running and willing to explain how he/she made it secure?

 

Any help is greatly appreciated.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.