Attachment folder & security


Golzarion
Sat 22nd Mar '08, 4:59pm
attachments out of database & chmod 777 security?

Hi there,

I decided to move the attachments out of the database for some reasons...

But as far as I know I have to disable PHP Safe Mode, and I also have to set the folder's chmod to 777.

Aren't these dangerous or risky?

How can we secure a folder with chmod 777?

How can we have this folder above the root? Or secure it by using an .htaccess file?

Floris
Sun 23rd Mar '08, 2:14am
Yes, there's a slight security issue with this; chmod 777 is not recommended. However, you could place an .htaccess file inside this directory, I believe, and you can also move the directory outside of the public_html/ directory.

/.
/..
/attachments
/public_html
/tmp

Golzarion
Sun 23rd Mar '08, 1:15pm
I moved the attachment folder (with chmod 777) outside of the public_html/ directory.

Is that enough?

What code should I put in the .htaccess file? Code that just does not allow anybody to upload and execute PHP or HTML files?

Can I be sure that by moving attachments outside of the public_html/ directory there would be no security issue?

Floris
Sun 23rd Mar '08, 1:38pm
When it's outside the public_html dir you don't need .htaccess.

Golzarion
Sun 23rd Mar '08, 2:41pm
Originally Posted by Floris
When it's outside the public_html dir you don't need .htaccess.

I'm not sure that just moving it outside public_html is enough for the security of the attachment folder!

At least when I use a shared server there can be a security issue? Is that right?

Isn't it better not to move that folder outside public_html but protect it with .htaccess?
Would you please help with the .htaccess code?

I don't know what I should consider about .htaccess code and security matters.

Thank you.

Floris
Sun 23rd Mar '08, 3:08pm
Everything inside public_html/* is what you can see from a browser.
Everything outside it, you can't. So it's secure.

kentaurus
Sun 23rd Mar '08, 3:52pm
.htaccess suggested contents

deny from all

that should be enough :) it's better to move it off the public_html, though
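
Added example, not part of any post in this thread and not vBulletin's own code: a shell check that audits an attachment directory against the three points raised above (location relative to public_html, a `deny from all` .htaccess, and the world-write bit that chmod 777 sets). The function name and the paths you pass in are assumptions.

```shell
#!/bin/sh
# Added example: audit an attachment directory against the advice in this thread.
# audit_attach_dir is a hypothetical helper; both paths are supplied by the caller.

# audit_attach_dir ATTACH_DIR DOCROOT
# Prints one finding per line; returns 0 only when no finding is FAIL.
audit_attach_dir() {
    # Resolve symlinks so a link inside public_html cannot hide the real location.
    attach=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL: $1 is not a directory"; return 2; }
    docroot=$(cd "$2" 2>/dev/null && pwd -P) || { echo "FAIL: $2 is not a directory"; return 2; }
    rc=0

    # 1. Location: anything under the document root can be requested by URL.
    case "$attach/" in
        "$docroot"/*)
            if grep -qi '^[[:space:]]*deny[[:space:]]\{1,\}from[[:space:]]\{1,\}all' \
                    "$attach/.htaccess" 2>/dev/null; then
                echo "WARN: inside docroot, relies on .htaccess 'deny from all'"
            else
                echo "FAIL: inside docroot with no 'deny from all' in .htaccess"
                rc=1
            fi ;;
        *)
            echo "OK: outside docroot" ;;
    esac

    # 2. Permissions: the world-write bit (the last 7 in 777) can let other
    #    local accounts on a shared host create or replace files here.
    if [ -n "$(find "$attach" -prune -perm -0002)" ]; then
        echo "FAIL: world-writable"
        rc=1
    else
        echo "OK: not world-writable"
    fi
    return $rc
}

# Stand-alone use, e.g.: sh audit.sh "$HOME/attachments" "$HOME/public_html"
if [ "$#" -eq 2 ]; then
    audit_attach_dir "$1" "$2"
fi
```

A directory outside public_html passes the location check but is still reported if it is world-writable, which is the shared-server case asked about in this thread.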

Golzarion
Sun 23rd Mar '08, 5:31pm
Originally Posted by Floris
Everything inside public_html/* is what you can see from a browser.
Everything outside it, you can't. So it's secure.

Thank you anyway!

Originally Posted by kentaurus
.htaccess suggested contents
deny from all
that should be enough :) it's better to move it off the public_html, though

Exactly, that is the best way! But there are only two problems! When I used the code

"deny from all"

nobody could see images that have been attached!!!

I believe that is the best way... except for showing attached images.

And about the second problem... let's talk after the first is solved...

Golzarion
Thu 27th Mar '08, 7:29am
Finally I found the solution!

But it is strange that nobody here mentioned it! I think there are many who know but do not want to describe it, in order to hide the security of their own forums...

Anyway, it's solved.