Re: [ALUG] Stopping Apache running scripts from writeable directories

3 Oct 2007


      "Dennis Dryden" ddryden@gmail.com wrote:
...
Maybe im just being naive but couldn't you just check the file
extension/mime type to make sure uploads are images, and not allow execution
rights on uploads?
Close but no cookie: the sender sends the file extension and mime type
(so they can't be trusted), while things like PHP modules usually
execute files without needing execution rights, so you need to
explicitly switch them off.
So, this is a PITA.  Anyone writing an apache module to stop things
from server-writeable directories running?
Regards,
-- 
MJ Ray http://mjr.towers.org.uk/email.html tel:+44-844-4437-237 -
Webmaster-developer, statistician, sysadmin, online shop builder,
consumer and workers co-operative member http://www.ttllp.co.uk/ -
Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

Re: [ALUG] Stopping Apache running scripts from writeable directories