Writable Folder


charon
04-21-2003, 03:14 AM
hi,

Because I allow users to upload images/files to my web site, I have to set a folder named uploadfile to be writable. But my concern is: would it be a problem? I mean a security problem. As we know, Windows 2000 provides a lot of folder permissions such as Folder Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. To what extent should our web site be exposed so that it won't get hacked?

May I know what the normal practice is for most web sites which allow users to browse and upload files (especially photos) to their sites?

Please advise!

Mhtml
04-21-2003, 04:01 AM
I'm not quite sure what you mean,

Do you just want to allow users to browse the uploaded files, aka directory listing, or do you want to know if write permissions could be a problem if you have it viewable as well?

In the event of either, I believe it is unlikely that you'll be "hacked"... but if you are really worried, then I think that you should have the folder for uploads above the root directory; that way it is inaccessible via HTTP, and browsing will only require a simple server-side script to list all the files.

oracleguy
04-21-2003, 04:13 AM
Also make sure the form that has the upload script is on a secure page and not out in the open. I'd also recommend if you are just uploading images, write your script to reject other types of files so you don't get a malicious .exe or something on your server.
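
The two suggestions above (keep the upload folder outside the web root, and reject anything that is not an image) combined in one sketch. This is an added example, not part of the original thread; Python is used for illustration, and the directory name, size limit and function names are assumptions.

```python
import os
import secrets
from pathlib import Path

# Assumption: this directory is NOT under the web root, so the web server
# never serves or executes anything in it directly.
UPLOAD_DIR = Path(os.environ.get("UPLOAD_DIR", "uploads_outside_webroot"))
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for one photo

# Leading bytes ("magic numbers") of the image formats we accept.
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

def sniff_extension(data: bytes):
    """Return the extension matching the file's content, or None."""
    for magic, ext in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None

def save_upload(data: bytes, upload_dir: Path = UPLOAD_DIR) -> str:
    """Validate an upload and store it under a server-chosen name.

    The client-supplied filename is never used, so a name such as
    "photo.jpg.exe" cannot decide where or how the file is stored.
    """
    if not data or len(data) > MAX_BYTES:
        raise ValueError("empty or oversized upload")
    ext = sniff_extension(data)
    if ext is None:
        raise ValueError("not an accepted image type")
    upload_dir.mkdir(parents=True, exist_ok=True)
    name = secrets.token_hex(16) + ext
    with open(upload_dir / name, "xb") as fh:  # "x": never overwrite
        fh.write(data)
    return name

def open_for_download(name: str, upload_dir: Path = UPLOAD_DIR):
    """Used by the listing/serving script: only direct children of the folder."""
    base = upload_dir.resolve()
    target = (base / name).resolve()
    if target.parent != base or not target.is_file():
        raise FileNotFoundError(name)
    return open(target, "rb")
```

The account the web application runs under needs write access only to that one folder, and the web server needs no mapping to it at all.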

charon
04-21-2003, 05:54 AM
Yup, thanks oracleguy, I will limit the file type to be uploaded.

Hi Mhtml,

What I want is to allow users to upload image files to our site, like what most web sites do when they allow us to upload and publish our photos on the web. My concern is: would it be a (security) problem if I set my web site's folder (image folder) to be writable? I was told not to set it to writable as it might be hacked.

My problem is: is there a possibility it can be hacked?