\images\ folder security
Posted: 2021-04-19 18:27
Hi,
All files uploaded from the Gini App go to a folder named [appgini_folder]\images\xxxxxxxx.xxx I run the app from a folder in my domain. I found that the files are saved some times with permission 666 and some times 664. In any case, anybody with the URL link could access the files without needing to know the password to access the app. Of course, the name of the file assigned by Gini App is an hex number or sometimes a decimal number, but neither seems to be enough to prevent malicious access. Also, that can be objected by a GDPR or UK DPA audit.
Is there any way to make sure that the files uploaded are either saved with 660 permission or protected by the password of the app?
Thank you for your help.
All files uploaded from the Gini App go to a folder named [appgini_folder]\images\xxxxxxxx.xxx I run the app from a folder in my domain. I found that the files are saved some times with permission 666 and some times 664. In any case, anybody with the URL link could access the files without needing to know the password to access the app. Of course, the name of the file assigned by Gini App is an hex number or sometimes a decimal number, but neither seems to be enough to prevent malicious access. Also, that can be objected by a GDPR or UK DPA audit.
Is there any way to make sure that the files uploaded are either saved with 660 permission or protected by the password of the app?
Thank you for your help.