I'm developing a file-sharing service, just for fun. But the security issue has become acute: people are constantly trying to download PHP scripts there. I do, of course, filter the data type, but for some reason it still seems like a very leaky thing. What would you advise reading on this topic?

  • Your code :D Find the holes and eliminate them. - Baran

2 answers

As an option, do not store files in htdocs at all, and use nginx with X-Accel-Redirect and an internal location. At the same time, it will be convenient to take every download into account.

And it will be convenient to upload files via the nginx upload module. Then nginx will deal with all the heavy I/O, and the scripts will only get “upload the file, it will be there, then fold it out as it should,” and the MD5/SHA-1 reader built into the module will get rid of duplicates.
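The X-Accel-Redirect approach from the answer above, as an added example that is not part of the original answer: a PHP download script that resolves an opaque token, counts the download, and hands the transfer to an nginx `internal` location. The storage path, the `/protected/` location, the `t` parameter, the database path and the `files` table are all assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Assumed nginx configuration (paths are hypothetical):
//
//   location /protected/ {
//       internal;                # a direct client request gets 404
//       alias /var/uploads/;     # storage directory outside the web root
//   }
//
// Assumed SQLite table:
//   files(token TEXT PRIMARY KEY, stored_name TEXT,
//         original_name TEXT, downloads INTEGER)

const INTERNAL_PREFIX = '/protected/';   // must match the nginx location

function serve_download(PDO $db, string $token): void
{
    // Tokens are assumed to be 32 hex chars generated server-side.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        http_response_code(404);
        return;
    }
    $stmt = $db->prepare(
        'SELECT stored_name, original_name FROM files WHERE token = ?');
    $stmt->execute([$token]);
    $file = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($file === false) {
        http_response_code(404);
        return;
    }
    // Every download passes through this script, so it can be counted here.
    $db->prepare('UPDATE files SET downloads = downloads + 1 WHERE token = ?')
       ->execute([$token]);

    // The original name is user-supplied: keep only header-safe characters.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $file['original_name']);

    // Generic type plus attachment: an uploaded .php or .html file is
    // downloaded as bytes, never executed or rendered. nginx keeps both
    // headers when it follows the redirect.
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    // stored_name is a server-generated random name, not the uploaded one.
    header('X-Accel-Redirect: ' . INTERNAL_PREFIX . $file['stored_name']);
}

$db = new PDO('sqlite:/var/lib/fileshare/files.db');   // hypothetical path
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$t = $_GET['t'] ?? '';
serve_download($db, is_string($t) ? $t : '');
```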

    Sometimes it is useful to see how others have done it. In the modern world there is a mass of "file dumps"; it is not necessary to go far, for example, LetitBit. I also tried to upload a PHP file. But, as it turned out, Letitbit throws this file (and indeed all the files) into its depths and generates a unique coded link for them. Plus, it creates an HTML file, from which it is impossible to harm the server (yes =)) and writes into it an encoded link to your PHP file. That's all.

    • To my depths - is it beyond public_html? - butteff
    • No, of course) how can I access them. - AseN