This is what I want a user to be able to do:
- Upload ANY file (attachment) to the server's uploads folder
- Be able to download it afterwards
So I have created this dir with the following .htaccess:
Allow from all
DirectoryIndex .x
php_flag engine off
Options -Indexes
Options -ExecCGI
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
ForceType application/octet-stream
My question is: is this secure?
I would like to say: no.
It would be more secure if you deny access from all and manage the download via a script that delivers the files.
Furthermore, you should rename the files so that, e.g., nobody can place his own .htaccess there or whatever.
You can store the original filenames in a DB.
Why: you never know what will happen in the future; some files may later become executable, somewhere else you may place an insecure script that allows users to include those uploaded files, and so on.
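An added example of the approach the answer describes (not code from the question or answer): uploads are stored under random hex names, the original filename lives only in a database, and a script is the only way to download them. It assumes PHP with the pdo_sqlite extension and a hypothetical storage directory outside the DocumentRoot.

```php
<?php
// Added example: store uploads under random names and serve them via a script.
// UPLOAD_DIR is a hypothetical path outside the web root, so Apache never serves it directly.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads_private';

function db(): PDO {
    $pdo = new PDO('sqlite:' . UPLOAD_DIR . '/files.db');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE IF NOT EXISTS files (id TEXT PRIMARY KEY, orig_name TEXT NOT NULL)');
    return $pdo;
}

// Save one entry of $_FILES under a random 32-hex-char name; the user-supplied
// filename (and therefore its extension) only goes into the database.
function storeUpload(array $upload): string {
    if ($upload['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $id = bin2hex(random_bytes(16));
    if (!move_uploaded_file($upload['tmp_name'], UPLOAD_DIR . '/' . $id)) {
        throw new RuntimeException('could not move upload');
    }
    $stmt = db()->prepare('INSERT INTO files (id, orig_name) VALUES (?, ?)');
    $stmt->execute([$id, basename($upload['name'])]);
    return $id;
}

// Stream a stored file as an opaque attachment. The id is validated against a
// strict pattern, so path traversal is impossible and a tampered id yields 404.
function sendDownload(string $id): void {
    if (!preg_match('/^[0-9a-f]{32}$/', $id)) { http_response_code(404); return; }
    $stmt = db()->prepare('SELECT orig_name FROM files WHERE id = ?');
    $stmt->execute([$id]);
    $origName = $stmt->fetchColumn();
    $path = UPLOAD_DIR . '/' . $id;
    if ($origName === false || !is_file($path)) { http_response_code(404); return; }
    // Keep the header safe: only plain characters survive in the suggested filename.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $origName);
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

// Usage: $id = storeUpload($_FILES['attachment']);   or   sendDownload($_GET['id'] ?? '');
```

If the directory cannot live outside the DocumentRoot, give it a .htaccess containing only `Require all denied` (Apache 2.4) or `Deny from all` (Apache 2.2) so that this script is the only path to the files.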