I was wondering if anyone would care to comment on the following.
I am currently building a business directory using PHP and MySQL for a
client who wants to be able to maintain the site themselves. The site
will be hosted on Apache (of course) and I have built an admin section
where they can add
or delete entries in the database, and upload image files for the logos
businesses. I plan to use HTTP authentication to allow access to this
the site owner only, however the directory containing the images will need
public write permissions for move_uploaded_file() to work. Both the size
and mime types of the uploaded file will be restricted.
Does anyone have any comments on the security issues involved here?
Is it sufficient to password-protect the admin area? Does the
the images directory compromise the rest of the site or indeed the server,
and would it make any difference if this directory was also
Is there anything else I have not covered or should be aware of?
PHP General Mailing List (http://www.php.net/)
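An added example, not part of the original post, showing one way to enforce the size and MIME-type restriction described above on the server before move_uploaded_file() runs. The function names, the 512 KB limit and the allow-list are assumptions made for illustration.

```php
<?php
// Added example: names, limit and allow-list are assumptions, not from the post.
const MAX_LOGO_BYTES = 512 * 1024;
const ALLOWED_TYPES  = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Returns a server-chosen file name, or throws if the file is rejected.
function safe_logo_name(string $path): string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_LOGO_BYTES) {
        throw new RuntimeException('size outside allowed range');
    }
    // Detect the type from the file contents; $_FILES[...]['type'] is sent
    // by the browser and cannot be trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException("type not allowed: $mime");
    }
    // Never reuse the client's file name: a random name with a fixed image
    // extension keeps an upload from being stored as "something.php".
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Validates one entry of $_FILES and moves it into the images directory.
function store_logo(array $upload, string $destDir): string
{
    if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('not a completed HTTP upload');
    }
    $name = safe_logo_name($upload['tmp_name']);
    if (!move_uploaded_file($upload['tmp_name'], "$destDir/$name")) {
        throw new RuntimeException('could not store file');
    }
    chmod("$destDir/$name", 0644); // readable by Apache, not executable
    return $name;
}

// Constructed sample input: a 1x1 PNG and a script posing as a logo.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
foreach (['logo.png' => $png, 'logo.php' => '<?php echo 1;'] as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        echo "$label accepted as ", safe_logo_name($tmp), "\n";
    } catch (RuntimeException $e) {
        echo "$label rejected: ", $e->getMessage(), "\n";
    }
    unlink($tmp);
}
```

The destination directory only needs to be writable by the account PHP runs as, and the web server should be configured not to execute scripts from it.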