[Mediawiki-l] Upload security

Emufarmers Sangly emufarmers at gmail.com
Sun Apr 22 20:24:40 UTC 2007


You could try some of the stuff on the talk page (
http://meta.wikimedia.org/wiki/Talk:Documentation:Security#Download_Security sounds
like what you want), but, ultimately, I would just be careful with
the allowed file extensions: You don't want untrusted users being able to
upload PHP files!  Also, see if you can avoid giving world and group write
permissions on the upload directory.

On 4/22/07, Eric K <ek79501 at yahoo.com> wrote:
>
> I'm reading this:
>   http://meta.wikimedia.org/wiki/Documentation:Security#Upload_security
>
>   I still want to make the system as safe as possible so that a hacker can
> never upload anything malicious and run it. Our server was compromised but
> that was through someone who was using an unsafe CMS.
>
>   Is there anything like, setting the Uploads directory to a directory
> that is outside the WWW root, so even if a hacker uploads a script, he can't
> run it using the browser, because it's not accessible?
>
>   And also I guess we should set the permissions of that directory to be
> non-executable, but writable by all?
>
>   thanks
>   Eric
>
>



-- 
Emufarmers Sangly
Pirate, Cowboy,
Hellraiser
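
The two checks suggested in this thread (restricting uploadable file extensions, and no world or group write permission on the upload directory) can be audited from the shell. This is an added example, not part of the original messages; the function names and the extension list are assumptions to adapt to your own web server's handler configuration.

```shell
#!/bin/sh
# Added example: audit a wiki upload directory for the two risks named in
# the thread. Function names and the extension list are assumptions.

# Print directories under $1 that grant group or world write permission.
loose_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print
}

# Print files whose name ends in an extension commonly mapped to a PHP
# handler (case-insensitive). The execute bit is not checked, because a
# PHP handler only needs to read a file in order to run it.
script_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -print
}

# Report findings. Returns 0 when clean, 1 on findings, 2 on bad input.
audit_uploads() {
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        return 2
    fi
    report=$( { loose_dirs "$1" | sed 's/^/loose-perms  /'
                script_files "$1" | sed 's/^/script-file  /'; } )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run as a script: sh audit.sh /path/to/upload/directory
if [ "$#" -gt 0 ]; then
    audit_uploads "$1"
fi
```

A non-zero exit status makes the script usable from cron or a deployment check.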

