Forum Moderators: phranque
I was wondering how I protect the folder from hackers? I see that I am supposed to edit the htaccess file within the directory. However, I have 4 versions of that file...
.htaccess
-htaccess
/htaccess
:htaccess
and a file titled %2fhtaccess
Do I have to edit all of them? And what exactly is the code? I chmodded the directory to allow images to be uploaded using a phpbb.
Thanks.
As for allowing uploaded files, I've never looked into Apache directives to make that safe. On the rare occasions when I want to let users upload a file, I use a form with a file input. The file gets created in a non-web-accessible directory using a pre-made tempfile creation function to evade most tempfile creation attacks, and then if I need the file to last longer than it takes to process the data inside it I'll have PHP move it. I don't think I'd ever set permissions on *anything* higher than 775. Even that is so permissive it makes me nervous.
