button upload image to folder and permissions 755 [closed]

0

my question is this:

Through a button, any user who accesses the form on my website can upload an image to an image folder. This works perfectly if the permissions of the folder are at least 757. What I need for security is that they can upload it when the folder has 755 permissions.

I have seen many CMSs that have a folder for uploading documents with 755 permissions. How is it done?

What do you think? Besides setting the folder to 755, what advice would you give me in case someone tries to upload a shell or something?

Kind regards.

asked by Sanlu 29.09.2017 at 09:44

2 answers

1

The folder where you upload the files should belong to the same user as the one that runs the web page. That is, if the user running apache / nginx is www-data, the folder must belong to that user.

With this command you can change the owner:

sudo chown www-data carpeta

If you only want to upload images, you should control the type of file that is uploaded. In PHP there are functions that detect it:

mime_content_type()

answered by 29.09.2017 at 10:23
0

I recommend that you think the design of the file upload algorithm through carefully. To start with a good security design, build it in layers.

At a minimum:

  • Use the principle of least privilege as the first layer.

  • Check on the client side whether the file meets the required specifications (extension etc.) as a second layer.

  • Check on the server side that the file is what it claims to be: take the first bits of the file in hexadecimal and check that it has a matching, acceptable header, as a third layer.

As an extra hardening measure:

  • For more robust hardening, you need to find out whether code could have been embedded in an image so that it bypasses all the protections already in place. It would be advisable to go through the entire file, get its hexadecimal representation and, according to the format, work out whether there is any inconsistency in the image (between what it should occupy and what it actually occupies, etc.).
answered by 29.09.2017 at 10:34
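Putting the two answers together in working code, as an added example that is not from either answer: an extension whitelist, a magic-byte header check, libmagic sniffing (the same engine behind mime_content_type()), a decode check with getimagesize(), and then the storage caveats that matter for the 755 question (the directory stays 755 and owned by the web server user, the client's filename is never reused, and the stored file is mode 0644, not executable). The allowed types, the upload directory and the error messages are assumptions for illustration.

```php
<?php
// Added example, not from the answers above: layered server-side checks for an image upload.
// The allowed types, the upload directory and the messages are assumptions for illustration.
const ALLOWED = [ // extension => [MIME type, magic bytes expected at offset 0]
    'png' => ['image/png',  "\x89PNG\r\n\x1a\n"],
    'jpg' => ['image/jpeg', "\xFF\xD8\xFF"],
    'gif' => ['image/gif',  "GIF8"],
];
// Returns null if the file is acceptable, otherwise the reason it was rejected.
function validate_image(string $tmpPath, string $originalName): ?string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return "extension not allowed: $ext";
    }
    [$expectedMime, $magic] = ALLOWED[$ext];
    // Header layer: the first bytes must be the known signature for this format.
    if (file_get_contents($tmpPath, false, null, 0, strlen($magic)) !== $magic) {
        return 'file header does not match the declared type';
    }
    // Content layer: libmagic sniffing (the engine behind mime_content_type()).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== $expectedMime) {
        return "content sniffed as $mime, expected $expectedMime";
    }
    // Decode layer: the image must actually parse and report plausible dimensions.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[0] < 1 || $info[1] < 1) {
        return 'not a decodable image';
    }
    return null;
}
// Form-handler use: $uploadDir stays 755 and owned by the web server user (www-data),
// the client-supplied name is never reused, and the stored file is not executable.
function store_upload(array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if (($why = validate_image($file['tmp_name'], $file['name'])) !== null) {
        throw new RuntimeException('rejected: ' . $why);
    }
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $dest = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move the uploaded file');
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $dest;
}
```

Call it from the form handler as `store_upload($_FILES['image'], '/var/www/uploads')` (path assumed); because www-data owns the directory, 755 is enough for the write, and a file that fails any layer never reaches the directory at all.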