Quote:
Originally Posted by
aliahsan81
Ohh yes you are right,i didnt understand your question,yes what you are saying is also perfect.
Thx Neo.
I am not suggesting that you do one, or the other.
I am saying you should do both, (1) use your .htaccess directives and (2) create a crontab to insure all files are not executable. You might also consider changing ownership (chown) of the uploaded files in combination with chmod.
This is called "defense in depth" - using more than one security defense in case the other one fails.
Relying on only one security control creates a higher risk of compromise.