0

I was wondering if there is any security risk when using the default upload_tmp_dir value in the php.ini file? If yes, what are better approaches or places to place these files?

  • If you are on shared hosting or you have more projects running on the same machine, it means other projects / users might also be able to access things stored in `/tmp` – PeeHaa Apr 11 '15 at 16:23
  • But when using your own server or using some sort of VPS there is no reason for using another folder at a different location or something like that? –  Apr 11 '15 at 17:05

1 Answer

-1

/tmp means temporary. So this folder may normally be cleared regularly. You should create a /upload folder and put your files inside it.

EDIT: Excuse me, I didn't answer properly. I think there is no security risk if the folder is not accessible from the internet. For example outside the www folder.

taccola
  • I understand that the /tmp folder is temporary. I mean, what else could tmp stand for ;), but clearing the folder does not protect or restrict any files in the /tmp folder at any given time. And as you can read in my question, I am interested in the risks involved when using the standard /tmp folder –  Apr 11 '15 at 17:03
  • Ok, so if Apache is installed and the script accepts some kind of data like an image then that image will be stored in the /tmp folder. So there is no direct communication with the server but when uploading a file there will be a file stored inside the /tmp folder. –  Apr 11 '15 at 18:24
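
The two conditions raised in this thread (other local users being able to reach the directory, and the directory being reachable from the web) can be checked with a short shell function. This is an added example, not code from the question or the answer; the function name `audit_upload_dir` and its finding labels are made up for illustration, and the document root is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory that is, or is about
# to become, PHP's upload_tmp_dir.
# Usage: audit_upload_dir DIR DOCROOT
# Prints "ok" (status 0) or one finding per line (status 2).
audit_upload_dir() {
    dir=$1 docroot=$2
    findings=""

    # Resolve symlinks so a link pointing into the web root cannot hide
    # the real location of the directory.
    real_dir=$(cd "$dir" 2>/dev/null && pwd -P) || { echo "missing-dir"; return 1; }
    real_root=$(cd "$docroot" 2>/dev/null && pwd -P) || { echo "missing-docroot"; return 1; }

    # Characters 8-10 of `ls -ld` are the permission bits for "other" users.
    # A shared /tmp shows "rwt" here: every local account can enter it.
    other=$(ls -ld "$real_dir" | cut -c8-10)
    if [ "$other" != "---" ]; then
        findings="${findings}other-access:${other}
"
    fi

    # A directory at or below the document root can be requested over HTTP.
    case "$real_dir/" in
        "$real_root"/*) findings="${findings}inside-docroot
" ;;
    esac

    if [ -z "$findings" ]; then
        echo "ok"
    else
        printf '%s' "$findings"
        return 2
    fi
}

# Run directly as: sh audit.sh /path/to/upload_tmp_dir /path/to/docroot
if [ "$#" -eq 2 ]; then
    audit_upload_dir "$1" "$2"
fi
```

A directory owned by the web server account with mode 0700, located outside the document root, is the case that reports `ok`.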