Ok, I'm new to this so please don't kill me! Could I create a script that allowed me to upload images onto a webpage using php?
Example: I need to upload an image. I go to the designated upload- webpage and there I can upload an image a designated webpage. Is this possible?
Uploading images through PHP
Moderator: General Moderators
search this forum
i.e. with
i.e. with
there are plenty of topicsSearch for Keywords: image upload
(x) Search for all terms
- noguru
- Forum Commoner
- Posts: 61
- Joined: Thu Jun 06, 2002 4:03 am
- Location: Just north of the City Of Gold, Land of Milk and Honey
Hi
I've just downloaded php-update v1.0 from hotscripts.com, but the readme file says that the directory on the server should have '0777' permissions. Is that necessary? My boss does not really want to have write access set to directories. What exactly is the security risk if some directories on the server have write access? Does it increase the risk to be hacked? I have tried to upload files without giving write access to the directory, but then I get permission denied.
I've just downloaded php-update v1.0 from hotscripts.com, but the readme file says that the directory on the server should have '0777' permissions. Is that necessary? My boss does not really want to have write access set to directories. What exactly is the security risk if some directories on the server have write access? Does it increase the risk to be hacked? I have tried to upload files without giving write access to the directory, but then I get permission denied.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
A hacker can upload a virus but if you're checking the file extensions of the files as they come in and making sure they're what you expect you can get rid of blatant viruses immediately. The thing to think about is how will that hacker execute the file - viruses have to be run to do any harm - simply uploading a file, even if it is a virus will not do anything, if you retrieve that file and execute it then it will. Simple thing to do - don't trust anything sent in by a user and run a virus scan over it before it is used.
As for gaining access to all your other directories, surely you've put good security on them to prevent people from accessing things they shouldn't? Also, how will they anyone know which directory is being used for file uploads?
Mac
As for gaining access to all your other directories, surely you've put good security on them to prevent people from accessing things they shouldn't? Also, how will they anyone know which directory is being used for file uploads?
Mac