Hello there,
I'm running into an interesting security issue, and I feel like I may be trying to shoot myself in the foot.
I want users to have ftp access to their own private folder, using an ftp client (i.e., web-based client won't work because external programs have to be able to upload xml files.)
Of course, all they would need would be a php file including the config file and dumping the database to ruin pretty much everything. So my question is, while I can't do anything about what filetypes are uploaded through whichever ftp program of their choice is, if I deny from all (via .htaccess) all files which don't match a regex (jpg, jpeg, gif, xml), there would be no way for them to execute the potentially harmful (php, mainly) files, correct?
- Monkey
htaccess securing ftp upload folder
Moderator: General Moderators
-
The Monkey
- Forum Contributor
- Posts: 168
- Joined: Tue Mar 09, 2004 9:05 am
- Location: Arkansas, USA