Announcement

Collapse
No announcement yet.

vB3.5 and Attachment Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • feldon23
    replied
    Have you considered setting up a private FTP site which can be browsed as a companion to your forum?

    Leave a comment:


  • conqsoft
    replied
    1) If you store attachments in the File System, make sure the directory in which you are storing them is OUTSIDE the web root. Doing that will prevent unauthorized users from accessing them. With lots of (large) attachments, you don't want to store them in the database anyway, but that would be just as secure.

    Leave a comment:


  • Steve Machol
    replied
    1. Are you storing attachments in the file system or database?

    2. Yes, those sizes can be quite a problem to upload with a PHP script. In fact, I would be surprised if you can do this.

    In addition to the vB settings, the allowed size of the attachments depends on the PHP and MySQL configuration. You may need to check and change the upload size for both PHP and for MySQL. Note, you'll need to have root access to the server to do this (or have your host do it.) Make these changes to php.ini:

    upload_max_filesize = xM

    ..and my.cnf (or my.ini for Windows systems)

    set-variable=max_allowed_packet=xM

    Change it to the size ('x') you want in Megabytes. Restart the webserver and MySQL after making these changes.

    Also you might want to take a look at this for other settings that affect file uploads:

    http://www.vbulletin.com/forum/showp...0&postcount=12
    http://www.vbulletin.com/forum/showt...319#post748319

    Leave a comment:


  • DougM
    started a topic vB3.5 and Attachment Security

    vB3.5 and Attachment Security

    Please allow me to ask a question that has been touched on but as near as I can tell, not specifically for 3.5. I need to sure of this for a new site.

    I wish to allow only paid subscription members to download attachments which will be 10MB to 50MB files of a type which are often targeted by hackers. I intend to accomplish this through the built in usergroup forum and attachment permissions.

    Question 1: Security. Is there any way for common hackers to break into attachments and grab them? I understand no system is crack-proof but need a reasonable level of security to block the amateur attempts and be certain no one can download them through a direct URL link shared by a member with permissions.

    Question 2: Will 50MB attachments be a problem? I can't imagine how but again, need to be sure. I will take care of server storage and bandwidth.

    Thank you.
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X