Uploading arbitrary files...
Posted: Thu Sep 18, 2008 4:12 pm
I have a script which allows arbitrary file types to be uploaded...
My server is (from what I understand) configured to only run PHP -- I would double check on a live machine.
WHat are the dangers in allowing uploading of arbitrary files? If my LAMP setup does not have Ruby or other scripting languages installed and I disabled PHP from executing in the directories where uploads are allowed would this suffice?
My server is (from what I understand) configured to only run PHP -- I would double check on a live machine.
WHat are the dangers in allowing uploading of arbitrary files? If my LAMP setup does not have Ruby or other scripting languages installed and I disabled PHP from executing in the directories where uploads are allowed would this suffice?
Code: Select all
<Directory /var/www/app/public/uploads/>
php_admin_flag engine off
</Directory>