I was wondering if anyone would care to comment on the following.
I am currently building a business directory using PHP and MySQL for a
client who wants to be able to maintain the site themselves. The site will be hosted
on Apache (of course) and I have built an admin section where they can add
or delete entries in the database, and upload image files for the logos of listed
businesses. I plan to use HTTP authentication to allow access to this area by
the site owner only, however the directory containing the images will need
public write permissions for move_uploaded_file() to work. Both the size
and mime types of the uploaded file will be restricted.

Does anyone have any comments on the security issues involved here?
Is it sufficient to password-protect the admin area? Do the permissions for
the images directory compromise the rest of the site or indeed the server,
and would it make any difference if this directory was also password-protected?
Is there anything else I have not covered or should be aware of?
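
An added example, not part of the original post: one way to apply the size and MIME-type restrictions mentioned above on the server side before calling move_uploaded_file(). The form field name "logo", the target directory, the 200 KB limit and the allowed types are assumptions chosen for illustration, and the fileinfo and GD extensions are assumed to be enabled.

```php
<?php
// Added example; names, paths and limits below are illustrative assumptions.
const MAX_LOGO_BYTES = 200 * 1024;                    // assumed size limit
const LOGO_DIR       = '/var/www/site/images/logos';  // assumed upload directory
const ALLOWED_TYPES  = [                              // detected MIME type => stored extension
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

function store_logo(array $file): string
{
    if (!isset($file['error'], $file['tmp_name']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload did not complete.');
    }
    // Only accept a file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Measure the file on disk; $file['size'] is not re-checked here.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_LOGO_BYTES) {
        throw new RuntimeException('File is empty or too large.');
    }
    // $file['type'] is sent by the browser, so detect the type from the content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not allowed.');
    }
    // The file must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image.');
    }
    // Never reuse the client's filename: generate one with a fixed extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = LOGO_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store the file.');
    }
    chmod($dest, 0644); // readable by the web server, not executable
    return $name;
}

// Runs only when the admin form actually posted a file in the "logo" field.
if (isset($_FILES['logo'])) {
    try {
        echo 'Stored as ', htmlspecialchars(store_logo($_FILES['logo']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```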


PHP General Mailing List (http://www.php.net/)