doutuo3935 2017-09-14 00:00

Setting file permissions on a web server

Need a bit of clarification on this.

I have a folder in my web server that will contain sensitive information that no one should be able to read. My script currently does this:

makes the folder with 0777 permission and places an image in that folder

I have a second script that does this:

pulls that image from that specific folder, and shows it to the user

However, right now if the user knew the exact name of the parent folder, they can just type it in their browser and see all the images contained in that folder, like: www.testsite/test/images

What file permission can I use instead of 0777, that will allow these two scripts to write in and read in to the folder, WITHOUT allowing anyone to view the contents of the folder when typing it in their browser?


1 answer

  • dongren5293 2017-09-14 00:10

    If I understand your problem correctly, you're worried about a user typing in /test/images/ into the URL bar, and seeing the directory listing containing your secret file.

    Setting a chmod of 000 would mean that neither of your scripts (nor you) would be able to access the folder.

    In my opinion, you'd be far better off using .htaccess with deny from all. This will make it so that you cannot 'open' any file in that folder, though you can still include them in PHP.

    Alternatively, you may opt for creating an index.php in your /images/ folder, and setting an automatic redirect with header('Location: /'). This way a user wouldn't be able to see the directory listing.

    Hope this helps! :)

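Added example, not part of the thread or the answer: one way to combine the answer's `deny from all` with a tighter folder mode and a serving script that only hands out files from that folder. It assumes Apache with PHP running as the same user as the web server; `show.php`, the `name` query parameter and the folder layout are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumed (hypothetical) layout:
//   show.php                  this script, in the site root
//   test/images/              folder created by the upload script
//   test/images/.htaccess     one line: Require all denied   (Apache 2.4;
//                             Apache 2.2 uses the answer's "Deny from all")
const IMAGE_DIR = __DIR__ . '/test/images';
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

// Upload side: owner-only mode instead of 0777.
function ensure_image_dir(string $dir): void
{
    if (!is_dir($dir) && !mkdir($dir, 0700) && !is_dir($dir)) {
        throw new RuntimeException("cannot create $dir");
    }
    chmod($dir, 0700); // also tightens a folder that already exists as 0777
}

// Map a requested name to a file inside $dir; null if it is not a plain
// image file name that resolves inside that folder.
function resolve_image(string $dir, $name): ?string
{
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]+\.(png|jpe?g|gif)\z/i', $name)) {
        return null; // rejects slashes, "..", NUL bytes, dotfiles, arrays
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $name);
    if ($base === false || $path === false) {
        return null; // folder or file does not exist
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // a symlink pointed outside the folder
    }
    return is_file($path) ? $path : null;
}

ensure_image_dir(IMAGE_DIR);
// The script's own access check (login, ownership of the image) goes here.
$path = resolve_image(IMAGE_DIR, $_GET['name'] ?? '');
$type = $path === null ? false : mime_content_type($path);
if (!in_array($type, ALLOWED_TYPES, true)) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $type);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
```

Under the same-user assumption, the mode 0700 only keeps other local accounts out; it is the `.htaccess` rule that stops a browser request for /test/images/ from being served, while `readfile()` still works because it reads from disk rather than over HTTP.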
