tomdchi Posted October 13, 2009

Love the doc upload feature. I implemented something similar to one of my installs a while ago. I did some testing and found it is possible to access files directly in the browser, which of course is not good if they contain anything sensitive. I know that it appends the word "file" and a 6 digit number to the filename you are uploading, but for sensitive material that's not good enough.

cPanel users can enable hotlink protection and list the file extensions that are not allowed to be accessed directly. This does prevent direct access and redirects to a 403 error. I have cPanel servers so that works for me. I don't know about others though.

Would there be a way to move the folder that the files are saved to and reference this folder in configuration.php? I have done this with templates_c and put the folder outside of the doc root.

Tom

WHMCS CEO Matt Posted October 13, 2009

Hi,

Yes, you can of course move all the writeable folders where uploads & downloads are stored to above the publicly accessible folder tree, and it's recommended you do so during the installation process. See http://wiki.whmcs.com/Further_Security_Steps for details.

Matt

MrSaints Posted October 20, 2009

My WHMCS is located in the public_html, I just placed it one level above it as Matt stated and it's all safe.
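
A check for the advice in this thread, as an added example that is not part of the original posts or WHMCS's own code: it reports whether each storage directory is still under the document root, either as written or once symlinks are resolved. The directory layout and labels are constructed sample values.

```python
import os
import tempfile
from pathlib import Path


def _within(path: Path, root: Path) -> bool:
    # Component-wise test, so /x/public_html_data is not "inside" /x/public_html.
    return path == root or root in path.parents


def is_web_reachable(storage_dir, docroot) -> bool:
    """True if storage_dir lies under docroot, as written or after symlinks resolve."""
    lexical = _within(Path(os.path.abspath(storage_dir)),
                      Path(os.path.abspath(docroot)))
    resolved = _within(Path(storage_dir).resolve(), Path(docroot).resolve())
    return lexical or resolved


def audit(docroot, storage_dirs):
    """Return {label: 'exposed' | 'ok'} for each configured storage directory."""
    return {label: "exposed" if is_web_reachable(path, docroot) else "ok"
            for label, path in storage_dirs.items()}


def demo():
    """Build a constructed directory tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as base:
        base = Path(base)
        docroot = base / "public_html"
        for d in ("public_html/attachments", "public_html/uploads",
                  "whmcsdata/downloads", "public_html_data/templates_c"):
            (base / d).mkdir(parents=True)
        # Looks private, but is a symlink back into the document root.
        (base / "private_uploads").symlink_to(docroot / "uploads")
        return audit(docroot, {
            "attachments": base / "public_html/attachments",
            "downloads": base / "whmcsdata/downloads",
            "templates_c": base / "public_html_data/templates_c",
            "uploads": base / "private_uploads",
        })


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:12} {verdict}")
```

It does not detect web server aliases, or symlinks inside the document root that point at a storage directory; those need a separate look at the server configuration.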