On Jan 11, 2008 2:16 PM, Daniel Brown <parasane@xxxxxxxxx> wrote:
> Make sure you change the permissions on the directory in which
> uploads are saved to be non-readable by anyone (including yourself, in
> case the scripts are suexec'd).
>
> For example, if the directory in which you save uploaded files is
> uploads/ then just do this (on a *nix box):
>     chmod 300 uploads
>
> That way, files can still be saved to the directory (which
> requires write and execute privileges), but the files cannot be read
> or executed via the web, and directory listing is implicitly denied
> for all protocols (and local access) to anyone except root.

The uploaded scripts must be executed via the web because it's a host...
Maybe we could prevent scripts in certain folders from seeing other folders... (chroot?)
Do you know how to do it in Apache?
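
Added example (not part of the original thread): a probe of what mode 300 on an upload directory permits for the directory's owner, which is the account suexec'd scripts run as. The temporary directory and the file name upload.txt are constructed for the demo, and it assumes a non-root user, since root bypasses these permission bits.

```shell
#!/bin/sh
# Added example: probe what "chmod 300 uploads" allows the directory owner.
# All paths are created under a throwaway temp directory (constructed data).

probe_upload_dir() {
    base=$(mktemp -d) || return 1
    dir="$base/uploads"
    mkdir "$dir" || return 1
    chmod 300 "$dir" || return 1

    # 1. Creating a file needs write + execute (search) on the directory.
    if (printf 'constructed sample\n' > "$dir/upload.txt") 2>/dev/null; then
        create=yes
    else
        create=no
    fi

    # 2. Listing the directory needs read permission on the directory.
    if ls "$dir" >/dev/null 2>&1; then
        list=yes
    else
        list=no
    fi

    # 3. Opening a file by a name you already know needs only execute on
    #    the directory plus read permission on the file itself.
    if cat "$dir/upload.txt" >/dev/null 2>&1; then
        open=yes
    else
        open=no
    fi

    # Restore access so the temp tree can be removed.
    chmod 700 "$dir" && rm -rf "$base"
    echo "create=$create list=$list open_by_name=$open"
}

# As a non-root user this prints: create=yes list=no open_by_name=yes
probe_upload_dir
```

For the owner, mode 300 removes directory listing, while a file whose name is known can still be opened; whether a file is readable is governed by the file's own mode bits.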