[Mediawiki-l] Upload security
Eric K
ek79501 at yahoo.com
Sun Apr 22 20:07:01 UTC 2007
I'm reading this:
http://meta.wikimedia.org/wiki/Documentation:Security#Upload_security
I still want to make the system as safe as possible so that a hacker can never upload anything malicious and run it. Our server was compromised but that was through someone who was using an unsafe CMS.
Is there anything like, setting the Uploads directory to a directory that is outside the WWW root, so even if a hacker uploads a scipt, he cant run it using the browser, because its not accessible?
And also I guess we should set the permissions of that directory to be non-executable, but writebable by all?
thanks
Eric
---------------------------------
Ahhh...imagining that irresistible "new car" smell?
Check outnew cars at Yahoo! Autos.
More information about the MediaWiki-l
mailing list