How secure is the file-upload and create-folder feature in FCK 265?
I made sure the upload is enabled for logged-on users already. So that is OK.
But: in case a user is logged on, would (s)he be able to upload files/create folders OUTSIDE the userfiles folder? Because that would be a very big problem in my case. I checked the code, but I can't sort this out by myself.
So again, my question is: Would a hacker-minded (authenticated) user be able to post data OUTSIDE the userfiles folders?
Thanks in advance. This is a very important issue for me.
I made sure the upload is enabled for logged-on users already. So that is OK.
But: in case a user is logged on, would (s)he be able to upload files/create folders OUTSIDE the userfiles folder? Because that would be a very big problem in my case. I checked the code, but I can't sort this out by myself.
So again, my question is: Would a hacker-minded (authenticated) user be able to post data OUTSIDE the userfiles folders?
Thanks in advance. This is a very important issue for me.
Re: Security
That would be a huge security risk as you have understood. That's why all the file connector configuration is done only on the server side.