Uploads and Temporary Directory

I am currently reviewing my PHP script which allows users to upload a photo.

In my script, I see these notes…

	 * $_FILES['userfile']['tmp_name']
	 *		Temporary filename of the file in which the uploaded file
	 *		was stored on the server.
	 *
	 *		Files will, by default be stored in the server's default
	 *		temporary directory, unless another location has been given with
	 *		the upload_tmp_dir directive in php.ini.  The server's
	 *		default directory can be changed by setting the
	 *		environment variable TMPDIR in the environment in which PHP runs.
	 *		Setting it using putenv() from within a PHP script will not work.
	 *		This environment variable can also be used to make sure that
	 *		other operations are working on uploaded files, as well.

Knowing virtually nothing about Server Maintenance, and not knowing what my new Hosting Environment will be later this month - other than Linux - could someone give me some tips on any Security Concerns that I should have pertaining to this?

(Somewhere in the past I recall that there was somewhere with Web Pages and PHP where you wanted to change the default “Temp Directory” because it was easy pickins for hackers… Maybe that was with SESSIONS?)

Hope this makes sense?!

Sincerely,

Debbie

The default temp directory for uploads, /tmp on Linux, is usually fine.
It would be best if you could mount /tmp without the execute bit so nothing in there can be executed. That way, users can upload executables all they want, but they can never run them because it’s not allowed. See http://www.debian-administration.org/article/Making_/tmp_non-executable for more. This one is for Debian, but there’s probably one for your distro as well. You are taking VPS or dedicated hosting I presume?

Also, it’s always a good idea to remove the original upload after you’ve processed it. And a good security measure is to open all uploaded images with GD and then save them again so as to rid them of any malicious code people may have hidden in there.

Would there be a benefit if I made the “Temporary Directory” somewhere outside of the Web Root?

Likewise, would it make sense to make my permanent “Member Photos Directory” somewhere outside of the Web Root?

The logic being that if you temporarily or permanently stored photos there, I don’t believe they could be executed from incoming requests over HTTP, right?

It would be best if you could mount /tmp without the execute bit so nothing in there can be executed. That way, users can upload executables all they want, but they can never run them because it’s not allowed. See http://www.debian-administration.org/article/Making_/tmp_non-executable for more. This one is for Debian, but there’s probably one for your distro as well.

Isn’t there a way to just change the Directory Settings to “Execute = False” and you’re covered?

You are taking VPS or dedicated hosting I presume?

Yes, I have a VPS.

Also, it’s always a good idea to remove the original upload after you’ve processed it.

How do I do that?

Can I do that with my PHP script?

And a good security measure is to open all uploaded images with GD and then save them again so as to rid them of any malicious code people may have hidden in there.

Yes, I am currently doing that.

Thanks,

Debbie

It is; /tmp is outside of your web root (it’s the absolute path /tmp, not relative to anything).

Correct on both accounts.

Sadly no, you have to have a special partition with special mount flags.

Okay good, no need to be worried about other users trying to hack your site from within the server then.

Yes, with unlink(). Just delete the uploaded file once you’re done with it (stored it, resized it, etc.).
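Putting the replies above together (check that the path really is an upload, re-encode the image with GD, store it outside the web root, then unlink() the temporary file), as an added PHP example that is not code from this thread; the `userfile` field name comes from the doc comment quoted earlier, while the photo directory and size limit are assumptions:

```php
<?php
// Added example (not from the thread): handle one uploaded photo as the
// replies suggest. PHOTO_DIR is an assumed path outside the document root.
const PHOTO_DIR = '/var/www/member_photos';

function storeUploadedPhoto(array $file, int $maxBytes = 2000000): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $file['error']);
    }
    $tmp = $file['tmp_name'];
    // Only trust paths PHP itself created for this request, never a client-supplied one.
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an uploaded file');
    }
    try {
        if (filesize($tmp) > $maxBytes) {
            throw new RuntimeException('File too large');
        }
        // Sniff the real image type; ignore the client's file name and MIME type.
        $info = getimagesize($tmp);
        if ($info === false || !in_array($info[2], [IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
            throw new RuntimeException('Not a JPEG or PNG image');
        }
        $img = $info[2] === IMAGETYPE_JPEG ? imagecreatefromjpeg($tmp) : imagecreatefrompng($tmp);
        if ($img === false) {
            throw new RuntimeException('Image could not be decoded');
        }
        // Re-encoding through GD drops anything that is not pixel data.
        // Server-generated name with a fixed extension; never reuse the client's name.
        $ext  = $info[2] === IMAGETYPE_JPEG ? 'jpg' : 'png';
        $dest = PHOTO_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
        $ok   = $ext === 'jpg' ? imagejpeg($img, $dest, 85) : imagepng($img, $dest);
        imagedestroy($img);
        if (!$ok) {
            throw new RuntimeException('Could not write re-encoded image');
        }
        chmod($dest, 0640); // readable by the web server user, not executable
        return $dest;
    } finally {
        // Remove the original upload whether or not processing succeeded.
        if (is_file($tmp)) {
            unlink($tmp);
        }
    }
}

// Usage in the upload handler: $path = storeUploadedPhoto($_FILES['userfile']);
```

Because the stored photo sits outside the web root, it is not reachable by URL; a small PHP script has to read the file and send it with an image Content-Type when a member views it.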

Please see this new PHP-specific thread here

Thanks,

Debbie