创建上传目录的最安全方法是什么?
[英]What is the most secure way to create upload directories?
问题描述
I have an image upload script. 
我有一个图片上传脚本。 I ran into some trouble with permission errors so for the last little while the upload directory has had permissions 0777. Dangerous, I know. 我在权限错误方面遇到了一些麻烦,因此在最后一刻,上传目录的权限为0777。很危险,我知道。
For some reason, it was the only permission that would allow the files to upload. 由于某种原因,它是唯一允许文件上传的权限。 I have now realised that the reason a safer permission didn't work was because of the owner of the directory. 我现在意识到,更安全的权限不起作用的原因是目录的所有者。
I've been creating my upload directories using FTP. 我一直在使用FTP创建上传目录。 I thought this would be okay. 我以为可以。 But from what I understand FTP and HTTP aren't in the same group? 但是据我了解,FTP和HTTP不在同一个组中?
I've started creating the directories using PHPs mkdir() allows me to set a safer permission that works with my script. 我已经开始使用PHP创建目录mkdir()允许我设置与脚本兼容的更安全的权限。
But before I possibly get into another bad habit. 但是在我可能养成另一个坏习惯之前。 Can someone please confirm that this is the correct way to do it? 有人可以确认这是正确的方法吗? Is there a better way? 有没有更好的办法?
1 个解决方案
解决方案1
0 2014-03-25 08:12:05
The owner of the directory should be the user which runs your PHP script - on Ubuntu this would be www-data . 目录的所有者应该是运行您的PHP脚本的用户-在Ubuntu上,这将是www-data 。 Shortly, creating folders with PHP mkdir() is okay. 很快,可以使用PHP mkdir()创建文件夹。 Then you should set permissions. 然后,您应该设置权限。 0700 is the most secure but if other user needs to read from or write to this directory, you should add this user to the main group of user which runs your PHP script and set permissions to 0750 or 0770 respectively. 0700是最安全的,但是如果其他用户需要读取或写入此目录,则应将此用户添加到运行PHP脚本并将权限分别设置为0750或0770的主要用户组中。 On Ubuntu this group is also www-data . 在Ubuntu上,该组也是www-data 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.