You could try some of the stuff on the talk page ( http://meta.wikimedia.org/wiki/Talk:Documentation:Security#Download_Security... like what you want), but, ultimately, I would just be careful with the allowed file extensions: You don't want untrusted users being able to upload PHP files! Also, see if you can avoid giving world and group write permissions on the upload directory.

On 4/22/07, Eric K ek79501@yahoo.com wrote:

I'm reading this: http://meta.wikimedia.org/wiki/Documentation:Security#Upload_security

I still want to make the system as safe as possible so that a hacker can never upload anything malicious and run it. Our server was compromised but that was through someone who was using an unsafe CMS.

Is there anything like, setting the Uploads directory to a directory that is outside the WWW root, so even if a hacker uploads a scipt, he cant run it using the browser, because its not accessible?

And also I guess we should set the permissions of that directory to be non-executable, but writebable by all?

thanks Eric

---

Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos. _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Eric,

There are multiple answers to you question depending on what you're trying to do.

If you are trying to restrict access so that uploaded files cannot be accessed in any way except through MediaWiki, you may want to read:

http://www.mediawiki.org/wiki/Manual:Image_Authorisation

If you just want to create a non-executable directory that is not part of the web root, look up:

$wgUploadPath $wgUploadDirectory

You may also want to take a look at:

$wgFileExtensions - do not allow server executables such as php, asp, pl, etc. $wgEnableUploads = false; # disallow uploads altogether

$wgGroupPermissions['*']['upload'] = false; # Disallow anonymous users uploads $wgGroupPermissions['*']['reupload'] = false; $wgGroupPermissions['*']['reupload-shared'] = false; $wgGroupPermissions['*']['minoredit'] = false;

# Disallow logged in users access, until you approve their ability to upload $wgGroupPermissions['user']['upload'] = false; $wgGroupPermissions['user']['reupload'] = false; $wgGroupPermissions['user']['reupload-shared'] = false;

# Allow only approved accounts to upload $wgGroupPermissions['approved']['upload'] = true; $wgGroupPermissions['approved']['reupload'] = true; $wgGroupPermissions['approved']['reupload-shared'] = true;

Jack D. Pond

"The devil has put a penalty on all things we enjoy in life. Either we suffer in health or we suffer in soul or we get fat." -- Albert Einstein. 1879-1955 -----Original Message----- From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Eric K Sent: Sunday, April 22, 2007 4:07 PM To: MW Subject: [Mediawiki-l] Upload security

I still want to make the system as safe as possible so that a hacker can never upload anything malicious and run it. Our server was compromised but that was through someone who was using an unsafe CMS.

Is there anything like, setting the Uploads directory to a directory that is outside the WWW root, so even if a hacker uploads a scipt, he cant run it using the browser, because its not accessible?

And also I guess we should set the permissions of that directory to be non-executable, but writebable by all?

--------------------------------- Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos. _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l