OCS Solutions Web Hosting Design and Consulting Web Hosting and Consulting Call Us
OCS Home  |  Wiki Front Page  |  Web Hosting  |  Virtual Dedicated Servers  |  Consulting  |  Support  |  Contact Us

Uploads in PHP

From OCS Support Wiki

Jump to: navigation, search

Introduction

Allowing for the upload of files in your PHP application can be a potential security risk, and as such there are special steps to take when doing so.

cPanel

On cPanel, we allow PHP uploads by default, but you cannot upload or create a file to a directory without 777 or rwxrwxrwx (world writable) permissions. The reason for this is that for maximum speed and compatibility PHP runs inside Apache and it runs as the user apache. By setting the permissions to 777 on a folder to be uploaded to it allows the file to be written to. It isn't easily possible for another user on the server to access these files as the shells on cPanel are jailed to the home directory of the user, and PHP will fail on opening a file not in your home directory, but it is still wise to move uploaded files to a non 777 folder for the highest possible security.

Webmin

On Webmin we have uploads disabled by default with PHP for security reasons. To enable them, please contact our support department and ask that they be enabled for your domain. Other than that, the file and folder permissions in the cPanel section above apply.

Retrieved from "http://wiki.ocssolutions.com/Uploads_in_PHP"
Personal tools