How to secure upload directory within cmsAdmin

6 posts by 3 authors in: Forums > CMS Builder
Last Post: October 8, 2013   (RSS)

By nmsinc - October 7, 2013

I need to secure the upload directory within cmsAdmin - how can this be done?

Thanks - nmsinc

nmsinc

By nmsinc - October 7, 2013

Hi Jerry,

I do have a index file that moves the user back to the root index page for the spider bots, however, I'm worried about users who know how to access the folders via the main CMS directory!

Also, htaccess will not work as our clients customers get confused when they must enter more than one user code!

Thanks - nmsinc

nmsinc

By gkornbluth - October 7, 2013 - edited: October 7, 2013

Hi,

I did a bit of playing around and it seems (at least on the site that I tested) that changing the permission of the upload directory (and all the directories below it) from 755 to 751 denied access to me when I tried to list any of the upload directories but web access still worked perfectly.

Worth a try?

You might want to look at this article as well: http://perishablepress.com/enable-file-or-directory-access-to-your-htaccess-password-protected-site/

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By Damon - October 8, 2013

Hi,

Did any of Jerry's suggestions work for you?

I'm worried about users who know how to access the folders via the main CMS directory!

 You can move the uploads folder to another location and then add an index.html file into it that will prevent file browsing.

Can you give me an example of what how a user would be able to access the folder?

Cheers,
Damon Edis - interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By nmsinc - October 8, 2013

I did reset the permissions and everything appears to be working as Jerry mentioned!

Thanks - nmsinc

nmsinc