Security for Wiki images upload?

Security for Wiki images upload?

Posted by: austicke
Posted on: 2005-05-30 12:57:00

This meta.wikimedia.org page about enabling image and file uploads states:

In reply to:

Before you do this, please make sure that your upload directory is configured in a safe manner so it's not possible to upload and execute arbitrary PHP code. Otherwise, someone could upload a PHP file, and might be able to do all sorts of horrible things like delete your entire website. Take a look at Security Guide.


I'd like to enable enable uploads, but what steps do I need to take to avoid problems? Can anyone help?

Re: Security for Wiki images upload?

Posted by: ravenoak
Posted on: 2005-05-30 16:00:00

You need to make sure that the permissions are set so that the proper people have write access while the general public (so to speak) has read access. Very few things need permissions to execute.

Raven Oak

www.ravenoak.net
www.torifest.com
www.6-58.com

Re: Security for Wiki images upload?

Posted by: austicke
Posted on: 2005-05-30 16:46:00

Thanks, ravenoak. Any idea how I do that? :)

Re: Security for Wiki images upload?

Posted by: ravenoak
Posted on: 2005-05-30 18:37:00

You can use shell access (telnet in) to edit the permissions if you know some simple Unix/Linux commands, or if you are using WinSCP to Secure FTP your files in, it allows you to change that right there in the FTP client.

You should probably read this on permissions:
https://panel.dreamhost.com/kbase/index.cgi?area=149&keyword=permissions
(part of the Dreamhost Knowledge Database)
and do a little more looking around the help area mentioned above. Changing permissions can royally f*ck up your site if you don't know what you're doing.
Worst comes to worst, email support and ask for advice on how to approach this. I'd think they'd rather can that email than one that says, "Sorry I messed up my entire account." ;)

Raven Oak

www.ravenoak.net
www.torifest.com
www.6-58.com

Re: Security for Wiki images upload?

Posted by: austicke
Posted on: 2005-06-05 14:22:00

FYI, I received the following response from support.

In reply to:

To: alec@usticke.org
Subject: Re: [austicke 4607623] Security for Wiki images upload?
From: DreamHost Customer Support Team <support@dreamhost.com>
Date: Sun, 5 Jun 2005 13:59:32 -0700 (PDT)

Hello,

The one click installer sets the correct permissions during the install. Thank you for being aware of potential problems, let us know if theres anything else we can help you with.

Thanks!


Tags: uploadphp filephp codeorgdreamhostalecuploadswikimediawikiarbitraryhorriblesortsenablingmetadeleteimagesimage