How to secure upload directory within cmsAdmin

6 posts by 3 authors in: Forums > CMS Builder
Last Post: October 8, 2013   (RSS)

By nmsinc - October 7, 2013

I need to secure the upload directory within cmsAdmin - how can this be done?

Thanks - nmsinc

nmsinc

Hi nmsinc,

If a simple "you shouldn't be" here index file in the directory isn't enough for your needs, you might consider moving the upload directory to above your public directory using a custom upload directory (I don't know if you can do that but it might be worth a try).

Another thought is to password protect the directory using .htaccess.

Google: password protect a directory with htaccess for lots of information.

Good luck, and let us know how you solve the issue...

Jerry  Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By gkornbluth - October 7, 2013 - edited: October 7, 2013

Hi,

I did a bit of playing around and it seems (at least on the site that I tested) that changing the permission of the upload directory (and all the directories below it) from 755 to 751 denied access to me when I tried to list any of the upload directories but web access still worked perfectly.

Worth a try?

You might want to look at this article as well: http://perishablepress.com/enable-file-or-directory-access-to-your-htaccess-password-protected-site/

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By Damon - October 8, 2013

Hi,

Did any of Jerry's suggestions work for you?

I'm worried about users who know how to access the folders via the main CMS directory!

 You can move the uploads folder to another location and then add an index.html file into it that will prevent file browsing.

Can you give me an example of what how a user would be able to access the folder?

Cheers,
Damon Edis - interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By nmsinc - October 8, 2013

I did reset the permissions and everything appears to be working as Jerry mentioned!

Thanks - nmsinc

nmsinc