The installation guide of fckeditor requires to chmod 777 of the upload dir under linux, which i think can cause security problems.
While the default 755 authority does not allow the upload feature.
How can i enable it without using 777 authority?
By the way, i added some session checking code in fckeditor/editor/filemanager/connectors/php/config.php on line 30 instead of the default
At last, i wonder why this forum itself does not use fckeditor?:)
Thanks!
While the default 755 authority does not allow the upload feature.
How can i enable it without using 777 authority?
By the way, i added some session checking code in fckeditor/editor/filemanager/connectors/php/config.php on line 30 instead of the default
$Config['Enabled'] = false, is this the only thing i should do to config the security issue for fckeditor? What else should i pay attention to?
At last, i wonder why this forum itself does not use fckeditor?:)
Thanks!
Re: How to tackle the upload security Problem of 777 under linux
You have to make sure that whoever is uploading files is properly authenticated. Mapping web users to system users may require more maintenance if the number of users is high and may potentially lead to security vulnerabilities, compared to setting the upload infrastructure to rely on an anonymous user, like nobody or IUSR_x and using application-level authentication (e.g. cookie/session based).
Andre
Re: How to tackle the upload security Problem of 777 under linux
I solved this problem by changing the owner of the upload dir from root to the one which apache is running as.
On my Opensuse, apache is running as user wwwrun of group www, so I just use:
The default upload dir "userfiles" has permission 755, and now I can upload through fckeditor.
Re: How to tackle the upload security Problem of 777 under linux
Andre