I am dealing with user uploads via a PHP application.
I want to secure the server so no exploits are available to the user, such as uploading a php shell and executing it.
I have set it so all uploads are moved outside the webroot into a separate folder. As an extra security, I have removed all rights except "read" from the IUSR, on the specefic folder.
To take this a step further, I was told to disable script execution on the folder via IIS.
Is this necessary, given my situation and the things I have already done? If yes, how would I achieve this using IIS 8.
Thanks
Aucun commentaire:
Enregistrer un commentaire