Re: image upload security issues

You only need to have write access for the process that writes to that directory. Since you don't tell us how you 'upload' (HTTP PUT? HTML file upload? FTP? rsync? UUCP? Email? NSF?), there isn't much more to say. It isn't Perl related either.

Abigail

Comment on Re: image upload security issues

Replies are listed 'Best First'.
HTTP PUT? by fraktalisman (Hermit) on Mar 10, 2004 at 22:54 UTC
Never saw that solution - does Apache (standard configuration) support PUT? What's the advantage? Not needing perl?	[reply]
Re: HTTP PUT? by Abigail-II (Bishop) on Mar 10, 2004 at 23:00 UTC
I've no idea whether it supports put. I'd be surprised if it doesn't, but I'd be surprised if it does without configuring it. As for the advantages, advantages over what? The advantages over an HTML form upload seems obvious to me, why deal with multiple protocols, if you can do with one? Abigail	[reply]
Re: Re: image upload security issues by ok (Beadle) on Mar 10, 2004 at 15:39 UTC
HTML file upload from a form. What does "write access for the process that writes to that directory" mean? Thanks.	[reply]
Re: image upload security issues by Abigail-II (Bishop) on Mar 10, 2004 at 16:01 UTC
What does "write access for the process that writes to that directory" mean? Uhm, it means just that. At one moment in time, the server receives an HTTP request, and it contains the content of a file. Somehow, this file needs to be written to disk. This can be done by the server (or one its children), for instance because mod_perl is used. Or the server can hand it off to a different process (for instance, because CGI is used). Anyway, eventually, there is a process that will do the writing. That process needs to have write permission in the directory. Abigail	[reply]