s0c0 Posted February 14, 2007

My PHP app allows users to store files on my server. Each user has their own directory on Apache where the files go. Currently I have this directive:

Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec

Which gives the user a forbidden error if they were to try to navigate to www.example.com/user/ted. Is this the best way to do this, or should I be doing this a more elegant way? While this is OK security, I guess a program could be written that brute-forced HTTP requests like www.example.com/user/ted/file.zip ... file2.zip ... file3.zip etc. and eventually it could download a file. So what are best practices on making this more secure?

Anyways, I'd appreciate your thoughts on this matter.
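
One common way to address the guessable-URL concern raised in the post, shown here as an added example that is not part of the original thread: keep the uploads outside the Apache document root and serve them through a PHP script that checks the logged-in user owns the directory. The storage path, the `username` session key and the `user`/`file` query parameters are assumptions, and the code assumes PHP 7 or later.

```php
<?php
// download.php - added example; path, session key and parameter names are assumptions.
declare(strict_types=1);

const STORAGE_ROOT = '/var/app-data/userfiles'; // assumed location outside the DocumentRoot

/**
 * Resolve a requested file to a real path inside the owner's directory,
 * or return null if the request is not allowed.
 */
function resolveUserFile(string $root, ?string $sessionUser, string $owner, string $file): ?string
{
    // Only the logged-in owner may fetch from their own directory.
    if ($sessionUser === null || !hash_equals($sessionUser, $owner)) {
        return null;
    }
    // Conservative character sets: no "/", no leading dot, no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $owner)
        || !preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $file)) {
        return null;
    }
    $base = realpath($root . '/' . $owner);
    $path = realpath($root . '/' . $owner . '/' . $file);
    // realpath() follows symlinks, so confirm the result is still under the owner's directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
$sessionUser = isset($_SESSION['username']) ? (string)$_SESSION['username'] : null;
$owner = is_string($_GET['user'] ?? null) ? $_GET['user'] : '';
$file  = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';

$path = resolveUserFile(STORAGE_ROOT, $sessionUser, $owner, $file);
if ($path === null) {
    // Same response for "not yours" and "does not exist", so probing reveals nothing.
    http_response_code(404);
    exit;
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string)filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

With the files stored outside the document root, a direct request such as www.example.com/user/ted/file.zip no longer maps to anything on disk, so the `Options` directive is no longer the only control between a guessed URL and the file.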