How to secure ['file_storage_path']

Get help from the community here.

Moderator: Developers

darius1302
Posts: 24
Joined: Thu Jan 21, 2010 10:45 pm

How to secure ['file_storage_path']

Postby darius1302 » Tue Mar 16, 2010 5:26 am

Hello,

i installed GO on an webspace. So the ['file_storage_path'] is also in the webroot.

i access GO with www.pathtoGOinstallation.de
but i also can access it with http://servername.webhosteradress.de/username/GOfolder also the storage folder

How to secure the ['file_storage_path'] folder ?
ael
Posts: 50
Joined: Mon Sep 14, 2009 11:38 am
Location: France

Re: How to secure ['file_storage_path']

Postby ael » Tue Mar 16, 2010 7:31 am

Hello,

If you don't have any access to the filesystem directly I think your best bet is to use a custom .htaccess file.

Something along the lines of :

Code: Select all

Options All -Indexes

<Limit GET POST PUT>
 order deny,allow
 deny from all
</Limit>
rosetta
Group-Office Expert
Group-Office Expert
Posts: 546
Joined: Tue Jul 14, 2009 2:25 pm
Location: Norway
Contact:

Re: How to secure ['file_storage_path']

Postby rosetta » Tue Mar 16, 2010 8:45 am

I think it is very risky to have the file storage in the web root.

I have seen hosting companies where users can view the www directories of all other users when they are logged in via SSH / shell access :(

.htaccess will not protect in those cases.

Are you sure that you can not create a folder along side your www dir ?

Who is online

Users browsing this forum: No registered users and 4 guests