How to secure images folder

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

rashidfarooq
Forum Newbie
Posts: 6
Joined: Wed Mar 30, 2011 7:39 am

How to secure images folder

Post by rashidfarooq »

I have an images folder in my root. I have to upload the images to this directory and after that access the images from it. How can I make it secure so that no one can overwrite or delete the images from this directory?

I will be thankful for your answers.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: How to secure images folder

Post by Mordred »

If no one else but you will do the uploading, a simple password field in the upload form and a hardcoded check in the PHP source will be a perfect solution.
rashidfarooq
Forum Newbie
Posts: 6
Joined: Wed Mar 30, 2011 7:39 am

Re: How to secure images folder

Post by rashidfarooq »

Mordred wrote: If no one else but you will do the uploading, a simple password field in the upload form and a hardcoded check in the PHP source will be a perfect solution.
But will my directory be secure from outside access? (I mean, what if someone uploads files from his own script and tries to overwrite my images?)
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: How to secure images folder

Post by Mordred »

This would be possible only if:
1) You have a buggy and publicly accessible upload script (the one you're talking about, or another one).
2) You are on badly misconfigured shared hosting and someone with an account on the same server as you would be able to write in your folder.

Otherwise, there's nothing to fear.
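
Added example, not part of the original posts: one way to write the password-protected upload script discussed above so that it cannot be used to overwrite existing images. The form field names `image` and `password`, the `images` path and the hash constant are assumptions; the hash value is a placeholder to be replaced with real `password_hash()` output.

```php
<?php
declare(strict_types=1);

// Placeholder: paste the output of password_hash('your password', PASSWORD_DEFAULT).
// Until replaced, password_verify() fails and every upload is rejected.
const UPLOAD_PASSWORD_HASH = 'REPLACE_WITH_PASSWORD_HASH_OUTPUT';
const IMAGES_DIR = __DIR__ . '/images'; // assumed location of the images folder
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function storeUpload(array $file, string $password): string
{
    // The hardcoded check: only the holder of the password may upload.
    if (!password_verify($password, UPLOAD_PASSWORD_HASH)) {
        throw new RuntimeException('Wrong password');
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Decide the type from the file contents, never from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image');
    }
    // Server-chosen name: no path traversal and no way to aim at an existing image.
    $target = IMAGES_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // Mode 'x' fails if the file already exists, so nothing is ever overwritten.
    $out = @fopen($target, 'x');
    if ($out === false) {
        throw new RuntimeException('Target exists or is not writable');
    }
    $in = fopen($file['tmp_name'], 'rb');
    stream_copy_to_stream($in, $out);
    fclose($in);
    fclose($out);
    return basename($target);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $name = storeUpload($_FILES['image'] ?? [], (string)($_POST['password'] ?? ''));
        echo 'Stored as ', htmlspecialchars($name);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

On shared hosting, the folder's ownership and permissions still decide whether other accounts on the same server can write to it; the script only controls what comes in through the upload form.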
rashidfarooq
Forum Newbie
Posts: 6
Joined: Wed Mar 30, 2011 7:39 am

Re: How to secure images folder

Post by rashidfarooq »

Thanks a lot brother for answering my problem. I have understood the concept.