upload folder

Discussion in 'Hosting Services / Control Panel' started by malbar99, May 16, 2006.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. malbar99

    malbar99

    I want my site users to upload their images into upload folder inside my site.</o:p>
    Is it ok and safe (in security wise) to give a read, write access to anonymous in order to upload images.</o:p>
    I'm using more than one upload folder, </o:p>
    One for news another fore article, etc...</o:p>
    </o:p>
    What is the best practice in such case?
     
    malbar99, May 16, 2006
    #1
  2. joelnet

    joelnet

    It can or cannot be safe depending upon how you code your application. Just setting the permissions will not result in an exploit. Though this in combination with a vulnerability in your application could yield an exploit.



    Joel Thoms
    DiscountASP.NET
    http://www.DiscountASP.NET
     
    joelnet, May 16, 2006
    #2
  3. Bruce

    Bruce DiscountASP.NET Staff

    This can be dangerous if you allow people to upload unrestricted file type to your site.

    For example, i can upload an ASP file to your site that delete all files on your site. On the other hand, if you only allow them to upload .jpg file to your site, that would not cause much harm.

    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
    Bruce, May 17, 2006
    #3
  4. malbar99

    malbar99

    Thanks,[​IMG]
    In FrontPage I foundan option where I can remove select from option "Allow script to be run".</o:p>
    I do not know if this option will stop running any harm coding in asp, JavaScript or any other type of scripts.</o:p>
    </o:p>
     
    malbar99, May 17, 2006
    #4
  5. Bruce

    Bruce DiscountASP.NET Staff

    Bruce, May 17, 2006
    #5
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page