I don't see why they need to be chmod to 555, I think 644 is probably more appropriate for data files. This allows the process to write them and everyone else to read them. 555 allows everyone to execute them, which means all I have to do is upload a script to your server and the fun begins.
Beyond that, no... you can't really prevent someone from uploading an .exe file to your system, but without it saying .exe at the end I suspect MS Windows isn't going to do anything meaningful with it-- and without the correct content-type header many other browsers aren't going to treat it correctly either. And if you upload an .exe as a .jpg, it's likely to get served back as a JPEG which won't display since the exe data is not in the correct JPEG format. If a hole existed whereby my browser was fed an unexpected file and then ran that file willy-nilly, it would have been exploited more than Outlook by now.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|
