[LUAU] Wordpress upload password, but might be more of an apache issue?
Vince Hoang
vince at litrium.com
Sun Sep 3 13:57:23 PDT 2006
On Sat, Sep 02, 2006 at 08:50:54PM -1000, Brian Chee wrote:
>> Shouldn't Wordpress's own authentication system be sufficient?
>> Only those who have permission to write blog entries are then
>> able to upload files.
>
> But for this to work I gotta 777 the upload directory...which
> does NOT make me happy...
You can chmod 0700 as long as you chown to the user:group of the
web server user.
Your later message about limiting POST is an additional
authentication step, where the extra user management would need
to be handled out of band. You still cannot avoid the problem of
the web server user owning all the files with this approach.
-Vince
More information about the LUAU
mailing list