eddy556 Posted July 13, 2007

I've got a bit of a problem with the way I have created a PHP script in terms of security. I have a server which serves media files from any of the folders A-Z. These are accessed through the index.htm page which has a variable passed to it in the URL. This variable is related to the folder name...so for example if the user wants to access the files in folder F they click a link which sends the variable F to index.htm which then searches for that folder and displays its contents. However I realised that by carefully crafting the URL it is possible to access any folder (for example guessing a name or using ..). My question is how can I prevent this? Thanks
ToonMariner Posted July 13, 2007

Place folders you don't mind being searched into a dir of their own. In your script, hardcode that folder as the first part of the path and remove any '../' from the path passed in the URL.
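
An added example, not part of the original thread or either poster's code: one way to implement the hardcoded-base-folder advice above, validating the parameter against the A-Z folder names and checking the resolved path instead of relying on string removal. `MEDIA_ROOT`, its path and `resolveMediaFolder()` are hypothetical names, and the requests at the bottom are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: the A-Z folders live under this one directory and the script
// must never read outside it. The path is a placeholder.
const MEDIA_ROOT = '/var/www/media';

/**
 * Map the URL parameter to a directory directly under $root, or return null.
 */
function resolveMediaFolder(string $param, string $root = MEDIA_ROOT): ?string
{
    // 1. Allowlist: folders are named A-Z, so accept exactly one letter.
    //    Anything containing '.', '/', '\' or a NUL byte fails here.
    if (preg_match('/\A[A-Z]\z/', $param) !== 1) {
        return null;
    }

    // 2. Canonicalise both paths. realpath() resolves symlinks and '..'
    //    and returns false when the path does not exist.
    $base   = realpath($root);
    $target = realpath($root . DIRECTORY_SEPARATOR . $param);
    if ($base === false || $target === false || !is_dir($target)) {
        return null;
    }

    // 3. Containment: the resolved folder must sit directly under the base.
    //    This also rejects a symlinked folder that points somewhere else.
    if (dirname($target) !== $base) {
        return null;
    }
    return $target;
}

// Constructed requests, run against a temporary tree so the script works offline.
$root = sys_get_temp_dir() . '/media_demo_' . getmypid();
@mkdir($root . '/F', 0700, true);
file_put_contents($root . '/F/song.mp3', '');

foreach (['F', 'f', '..', '../F', 'F/..', 'Z', "F\0"] as $input) {
    $dir = resolveMediaFolder($input, $root);
    printf("%-10s => %s\n", json_encode($input), $dir === null ? 'rejected' : 'served');
}
```

In the real script the argument would come from the URL parameter (for example `$_GET`), and a `null` result should produce a 404 rather than a directory listing.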
Archived
This topic is now archived and is closed to further replies.