Web Development

View Public Profile for aliahsan81

10-22-2008

Registered User

62, 0

Join Date: Sep 2008

Last Activity: 29 October 2009, 4:19 PM EDT

Posts: 62

Thanks Given: 0

Thanked 0 Times in 0 Posts

yes

But in my setup i dont wana break current functionality,Then you know how programmer reacts.So i will be using what i said before

aliahsan81

Find all posts by aliahsan81

10-22-2008

Administrator

19,118, 3,359

Join Date: Sep 2000

Last Activity: 15 July 2022, 8:51 AM EDT

Location: Asia Pacific, Cyberspace, in the Dark Dystopia

Posts: 19,118

Thanks Given: 2,351

Thanked 3,359 Times in 1,878 Posts

Quote:

Originally Posted by aliahsan81

yes

But in my setup i dont wana break current functionality,Then you know how programmer reacts.So i will be using what i said before

Then please explain why taking files that are not supposed to be executable and making them read only or read-write only will break current functionality?

What you are doing is good, but it is not enough to be fully secure.

Neo

View Public Profile for aliahsan81

10-22-2008

Registered User

62, 0

Join Date: Sep 2008

Last Activity: 29 October 2009, 4:19 PM EDT

Posts: 62

Thanks Given: 0

Thanked 0 Times in 0 Posts

We never know what kind of software programmer make,may be they need some time picture with different extension,or my be they need to upload documents pfd or video file.that's why i am accpecpting all file to be uploaded but not allowing certain file to run on my server.

aliahsan81

Find all posts by aliahsan81

10-22-2008

Administrator

19,118, 3,359

Join Date: Sep 2000

Last Activity: 15 July 2022, 8:51 AM EDT

Location: Asia Pacific, Cyberspace, in the Dark Dystopia

Posts: 19,118

Thanks Given: 2,351

Thanked 3,359 Times in 1,878 Posts

Quote:

Originally Posted by aliahsan81

We never know what kind of software programmer make,may be they need some time picture with different extension,or my be they need to upload documents pfd or video file.that's why i am accpecpting all file to be uploaded but not allowing certain file to run on my server.

Yes, we already know that.

You did not answer my question.

Quote:

Then please explain why taking files that are not supposed to be executable and making them read only or read-write only will break current functionality?

Neo

View Public Profile for aliahsan81

10-22-2008

Registered User

62, 0

Join Date: Sep 2008

Last Activity: 29 October 2009, 4:19 PM EDT

Posts: 62

Thanks Given: 0

Thanked 0 Times in 0 Posts

Ohh yes you are right,i didnt understand your question,yes what you are saying is also perfect.
Thx Neo.

aliahsan81

Find all posts by aliahsan81

10-23-2008

Administrator

19,118, 3,359

Join Date: Sep 2000

Last Activity: 15 July 2022, 8:51 AM EDT

Location: Asia Pacific, Cyberspace, in the Dark Dystopia

Posts: 19,118

Thanks Given: 2,351

Thanked 3,359 Times in 1,878 Posts

Quote:

Originally Posted by aliahsan81

Ohh yes you are right,i didnt understand your question,yes what you are saying is also perfect.
Thx Neo.

I am not suggesting that you do one, or the other.

I am saying you should do both, (1) use your .htaccess directives and (2) create a crontab to insure all files are not executable. You might also consider changing ownership (chown) of the uploaded files in combination with chmod.

This is called "defense in depth" - using more than one security defense in case the other one fails.

Relying on only one security control creates a higher risk of compromise.

Neo