Our website was hacked due to the fact that a folder had 777 permissions, which means people can upload files there and run scripts remotely. However, the folder needs to be 777, as the site has a client feature to crop images and needs to save the cropped images there.
How can I secure this folder and prevent hacking?
Please show me how to do this? Thanks a lot!
CHMOD 777 is inherently unsafe. It's only used to temporarily avoid issues when installing scripts. After installing scripts, you CHMOD it back to something like 755. To secure it, you will have to change the access to something other than wide open.
To have a user crop an image I would recommend a conventional JavaScript cropper like Jcrop.
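An added example (not part of the original thread) of auditing an upload folder for the 777 problem described above, tightening it to 755/644, and flagging script files that do not belong among cropped images. It assumes the web server process runs as the owner of the upload directory, so 755 still lets the crop feature save files; the function names and the extension list are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread.
# Assumption: the web server/PHP process runs as the owner of the upload
# directory, so owner-only write (755) still lets the crop feature save files.

# List world-writable directories at or below $1 (the 777 problem).
find_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# List files in the upload tree that a web server might execute as scripts.
# The extension list is an illustrative assumption; match it to your handlers.
find_script_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \
        -o -iname '*.cgi' -o -iname '*.pl' -o -iname '*.py' -o -iname '*.sh' \) -print
}

# Tighten permissions: directories 755, files 644 (no execute bit on uploads).
harden_upload_dir() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Report, fix permissions, then return 1 if script files remain for review.
audit_upload_dir() {
    local dir=$1 scripts
    echo "World-writable directories before hardening:"
    find_world_writable "$dir"
    harden_upload_dir "$dir"
    scripts=$(find_script_files "$dir")
    if [ -n "$scripts" ]; then
        echo "Script files found in upload directory (review, do not execute):"
        echo "$scripts"
        return 1
    fi
    return 0
}
```

Call `audit_upload_dir /path/to/uploads` with your own upload path; a non-zero exit status means script files were found in a folder that should only hold images.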