Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
01-10-2008, 10:00 PM #1
- Join Date
- Jul 2006
- Thanked 0 Times in 0 Posts
File upload directory outside of web path - bad security?
I am wondering if, on IIS, it is bad practice to have a php script upload a file and place it outside the Inetpub folder -
for example, does it make a difference if I put the folder in D:\inetpub\wwwroot\sitefolder\uploads or if i put it in D:\folderhere
anyone have any insight?
01-10-2008, 10:28 PM #2
- Join Date
- Jan 2003
- Thanked 8 Times in 8 Posts
At face value, there are no problems. As long as you have your permissions setup correctly, people won't be able to get out of the directories they should be allowed into.
You could make a case for it adding security IF the folder is not web-accessible. That way, no one can get at the files once they have been uploaded unless they have file system access.
If it IS web-accessible, there could always be someone who decides that D:\folderhere is a great place to hide the confidential_financial_info.doc and accidentally makes it available to the world. You also have to worry about setting the permissions for this folder instead of sticking it in Inetpub and inheriting most of the permissions you need.