Security Concern #65

Closed
alenbhclynpblc opened this issue Oct 5, 2018 · 1 comment

@alenbhclynpblc

Hello,

I know this is a "file manager" and I got your point about what you want to do, but this application will give a security leak.

The application needs to resist editing/uploading of interpretable files.

Suggestions:

  • Put a setting variable for "allow_only_safe_actions" (the default value needs to be true).
  • For safety you need to restrict editing ".php", ".htaccess" / ".phtml" files (and many more, I think; a parameterized solution would be great).
  • For safety you need to restrict renaming to the extensions listed in the previous item (and also copying).
  • For zip files, extract them to a tmp directory and move only the secure ones.

Otherwise, after a simple bruteforce everything will be gone :-)
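
One way to implement the checks suggested in the post above, sketched in Python as an added example (it is not the project's code and not from either participant). Only the setting name `allow_only_safe_actions` and the three extensions come from the post; `BLOCKED_EXTENSIONS`, `is_safe_name`, `extract_safe`, `make_sample_zip` and the archive contents are hypothetical and constructed for illustration.

```python
import os
import shutil
import tempfile
import zipfile
from pathlib import PurePosixPath

ALLOW_ONLY_SAFE_ACTIONS = True  # setting name from the issue; safe by default
BLOCKED_EXTENSIONS = {"php", "phtml", "htaccess"}  # parameterised; extend per server

def is_safe_name(name, blocked=BLOCKED_EXTENSIONS):
    """Gate for edit, upload, rename and copy: apply it to the destination name."""
    if not ALLOW_ONLY_SAFE_ACTIONS:
        return True
    base = PurePosixPath(name.replace("\\", "/")).name.lower().rstrip(". ")
    # Check every dot-separated part after the first, so "x.php.jpg" (run as PHP
    # under some Apache handler configs) and the dotfile ".htaccess" are caught.
    parts = base.split(".")[1:]
    return bool(base) and not any(p in blocked for p in parts)

def extract_safe(zip_path, dest_dir):
    """Stage members in a temp dir, move only safe ones; returns (moved, rejected)."""
    moved, rejected = [], []
    dest_root = os.path.realpath(dest_dir)
    with tempfile.TemporaryDirectory() as tmp, zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            # Reject members whose path would land outside the destination.
            inside = os.path.commonpath([dest_root, target]) == dest_root
            if not inside or not is_safe_name(info.filename):
                rejected.append(info.filename)
                continue
            staged = zf.extract(info, tmp)  # staged outside the served directory
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.move(staged, target)
            moved.append(info.filename)
    return moved, rejected

def make_sample_zip(path):
    """Constructed sample archive: one harmless file and four that must be refused."""
    with zipfile.ZipFile(path, "w") as zf:
        for name in ("docs/readme.txt", "shell.php", "img/x.PhP.jpg",
                     ".htaccess", "../escape.txt"):
            zf.writestr(name, "constructed sample")
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        archive = make_sample_zip(os.path.join(work, "upload.zip"))
        print(extract_safe(archive, os.path.join(work, "files")))
```

A deny-list like this only covers the extensions it names; which extensions the web server actually hands to an interpreter depends on its configuration, so the list has to be kept in step with it.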

@alecos71
Contributor

As long as the filemanager remains private, there is no reason to restrict the modification of some files ... of course, if you have to give public access to the filemanager, you take a road full of dangers of all sorts ...
