Greetings All,
I recently obtained UpDownloads, threw it on my dev server and was quite happy with the result. Well, the one problem was chmod 777 for the uploads directory... This would seem to be a security risk, so what is the alternative? There was a suggestion in the docs that said 0770 might work but that seems to leave no privelege to upload. Any thoughts?
Watch
GitHub Core
Show your support for Zikula! Sign up at Github account and watch the Core project!
GitHub Modules
Forum Activity
- Guite responded to »Can the Updated Version Check be Turned Off (Z 1.3)« 05:53 PM
- frw responded to »Bug in the SMTP mail transfer protocol - Port 25 - Zikula 1.2.9« 22. May
- mdee responded to »Short URL questions« 22. May
- mesteele101 responded to »Problem in Database Connection« 21. May
- Herr.Vorragend responded to »Clip Documentation and Doubt« 19. May
- mazdev responded to »zikula 1.3.3. and IE9« 19. May
- mesteele101 responded to »How to install Zikula for MSSQL ??? - Part II« 19. May
Zikula Blog
- Anatomy of Open Source Projects on Mar 07
- Continuous Review on Mar 01
- Not Invented Here on Feb 24
- How to Contribute Your Code at Github on Jan 13
- 10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
- Submitting Bug Report Tickets That Get Results on Aug 17
- Cozi Tricks #1: Syntax Highlighting on Aug 07
Login
UpDownload Module: Are the permissions a security risk?
-
**unknown user**
- Rank: Registered User
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 24
Posted: Nov 11, 2003 - 09:25 PM
-
**unknown user**
- Rank: Registered User
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 24
Posted: Dec 06, 2003 - 06:55 PM
So, yes now I'm trying out DownloadsPlus...I'm still wondering what the optimally secure way to provide upload ability. Is there no way to stick a file into the database? It seems if that were possible that would be the safest way. Any thoughts would be appreciated. -
**unknown user**
- Rank: Softmore
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 292
Posted: Dec 08, 2003 - 12:48 AM
The problem with BLOB (binary large object) columns in the DB is the performance hit the server takes. I have not tried this personally yet, but I have been told (and you can check the mysql.com documentation yourself for more on this) that it is not a good idea. This has come up often for gallery projects because people want to store the picture data in the DB rather than a path to each picture. But apparently, it is many times faster to simply store a link to the object as most of the modules do. -
- Rank: Softmore
- Registered: Feb 07, 2003
- Last visit: Jun 11, 2008
- Posts: 225
Posted: Dec 08, 2003 - 06:14 AM
If you are interested my MultiImage module ( http://noc.postnuke.com/projects/multiimage/ ) has the option of storing images in the DB. You can see a demo at:
http://curttimmerman.net/pn/
The 2 upper right blocks. Most of the images come from the DB.
- Moderated by:
- Support
