{"id":21648,"date":"2021-03-03T20:50:58","date_gmt":"2021-03-04T01:50:58","guid":{"rendered":"http:\/\/bangla.salearningschool.com\/recent-posts\/file-system-access-and-php-security-web-development\/"},"modified":"2021-03-03T20:50:58","modified_gmt":"2021-03-04T01:50:58","slug":"file-system-access-and-php-security-web-development","status":"publish","type":"post","link":"http:\/\/bangla.sitestree.com\/?p=21648","title":{"rendered":"File System Access and PHP Security #Web Development"},"content":{"rendered":"<p>File System Access and PHP Security<\/p>\n<p>Allowing your users to upload files opens some security holes. Users can upload malicious files and infect your site with malware. How risky this is depends on how you implemented the feature and on the privileges you have granted. One option is to check whether the feature is really needed, or whether it is a feature just for the sake of having a feature.<\/p>\n<p>One way to prevent or minimize attacks is to always state explicitly where uploaded content will go: specify the upload folder precisely. When users upload files, check the file names as well. Are they trying to reach a different location using relative path components such as ..\/? Check the type of file they are trying to upload: is it an exe file? What about the size of the file? Is the user trying to upload repeatedly? Is the user a real human being? Protect the feature with a Captcha.<\/p>\n<p>Do not use relative paths in your code, and do not specify the file upload location with a relative path. Do not assume that the folder in which the website resides is the only place to keep uploaded files. You can define another location from your code, one that is normally inaccessible to users. Your website root folder is public and is not the best place to keep uploaded files.<\/p>\n<p>Also, when you open a file, do not use relative paths; determine the exact location and file name, and work with that specific location and file name.<\/p>\n<p>PHP by default allows remote file access, which is a really bad idea. Unless you have a good reason to allow remote file access, turn it off. You can turn it off in the php.ini file by disabling allow_url_fopen.<\/p>\n<p>However, if you really need to use remote files, do not open or execute them directly. Do it in two steps: first retrieve the data, then process the data in the second step. You can use FTP functionality to retrieve or upload the file first and then process it.<\/p>\n<p>From: http:\/\/sitestree.com\/?p=193<br \/>Categories: Web Development<br \/>Tags: PHP Security, File Security, Malware<br \/>Post Date: 2013-01-11 00:29:29<\/p>\n","protected":false},"excerpt":{"rendered":"<p>File System Access and PHP Security 
Allowing your users to upload files opens some security holes. Users can upload malicious files and make your site affected by Malware. How risky is this depends on how you implemented the feature, and the privileges that you have provided. One option can be check if the associated feature &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"http:\/\/bangla.sitestree.com\/?p=21648\">Continue reading<\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1917],"tags":[],"class_list":["post-21648","post","type-post","status-publish","format-standard","hentry","category-fromsitestree-com","item-wrap"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":20657,"url":"http:\/\/bangla.sitestree.com\/?p=20657","url_meta":{"origin":21648,"position":0},"title":"File System Access and PHP Security","author":"Author-Check- Article-or-Video","date":"February 25, 2021","format":false,"excerpt":"File System Access and PHP Security Allowing your users to upload files opens some security holes. Users can upload malicious files and make your site affected by Malware. How risky is this depends on how you implemented the feature, and the privileges that you have provided. One option can be\u2026","rel":"","context":"In &quot;FromSitesTree.com&quot;","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":68268,"url":"http:\/\/bangla.sitestree.com\/?p=68268","url_meta":{"origin":21648,"position":1},"title":"BiGDump #Blog #DevOps","author":"Author-Check- Article-or-Video","date":"July 31, 2021","format":false,"excerpt":"If you are having issues to import large SQL files, one possible solution is BiGDump script. 
However, accessing the server through ssh and using mysql command to import\/restore will work as well (and the better solution). I just tried BigDump - it worked pretty well for me. The idea is\u2026","rel":"","context":"In &quot;FromSitesTree.com&quot;","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":17008,"url":"http:\/\/bangla.sitestree.com\/?p=17008","url_meta":{"origin":21648,"position":2},"title":"Python: Ecommerce: Part \u2014 7: Partition a Data File (with product information) into Multiple Files.","author":"Sayed","date":"April 19, 2020","format":false,"excerpt":"In previous steps, we created a product data file to be uploaded to Magento 2 (from supplier data). However, there is a limit, how big a file can be uploaded to Magento 2 for product data import. Hence, this code will divide the data file into multiple files. This data\u2026","rel":"","context":"In &quot;Build Ecommerce Software&quot;","block_context":{"text":"Build Ecommerce Software","link":"http:\/\/bangla.sitestree.com\/?cat=1912"},"img":{"alt_text":"8112223 Canada Inc. (Justetc)","src":"https:\/\/miro.medium.com\/fit\/c\/80\/80\/0*P_esmjKoJnHlNjFX","width":350,"height":200},"classes":[]},{"id":23393,"url":"http:\/\/bangla.sitestree.com\/?p=23393","url_meta":{"origin":21648,"position":3},"title":"Installing Plugins (modules\/blocks) for Moodle #Root","author":"Author-Check- Article-or-Video","date":"March 30, 2021","format":false,"excerpt":"Installing Plugins (modules\/blocks) for Moodle Sure, I did 1. 
Installing a module\/plugin\/block As a Zip File login as an administrator then from left navigation site administration plugins install add ons in next screen select what you want to install module or block select\/browse the zip file to upload (sure, you\u2026","rel":"","context":"In &quot;FromSitesTree.com&quot;","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6071,"url":"http:\/\/bangla.sitestree.com\/?p=6071","url_meta":{"origin":21648,"position":4},"title":"PHP 5 File Upload","author":"Author-Check- Article-or-Video","date":"March 6, 2015","format":false,"excerpt":"Sheikh Mahfuzur Rahman \u00a0 With PHP, files can be uploaded to the server very easily. However, because it is easy, the danger can also be greater! So be careful when you give users the ability to upload files to the server! \u00a0 Configuring the \"php.ini\" file: First, you must make sure that PHP has been configured for file uploads. Your\u2026","rel":"","context":"In &quot;PHP tutorial&quot;","block_context":{"text":"PHP tutorial","link":"http:\/\/bangla.sitestree.com\/?cat=172"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":17007,"url":"http:\/\/bangla.sitestree.com\/?p=17007","url_meta":{"origin":21648,"position":5},"title":"Python: Ecommerce: Part \u2014 6: Format and adjust your product data and price data to save to a csv to upload to  Magento 2.","author":"Sayed","date":"April 19, 2020","format":false,"excerpt":"Code will be given cell by cell from Jupyter Notebook. Then will also give all code in one block. You might need to adjust the indenting a bit. Read the code comments as well. Comments explained the sections. In [86]: # calculate\/adjust data so that we can create magento 2\u2026","rel":"","context":"In &quot;Build Ecommerce Software&quot;","block_context":{"text":"Build Ecommerce Software","link":"http:\/\/bangla.sitestree.com\/?cat=1912"},"img":{"alt_text":"8112223 Canada Inc. 
(Justetc)","src":"https:\/\/miro.medium.com\/fit\/c\/80\/80\/0*P_esmjKoJnHlNjFX","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts\/21648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21648"}],"version-history":[{"count":0,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts\/21648\/revisions"}],"wp:attachment":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21648"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}