Enabling Batch Upload per defined user group Enabling Batch Upload per defined user group
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Enabling Batch Upload per defined user group

Started by misterpong, December 09, 2004, 10:43:39 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

misterpong

Hi, I'm new to this but I have searched the database extensively on this topic. I was led through a trail of clues but it suddenly ends with the last post by Gau Gau saying "after a few cleanups I'll post it [the hack written by one of the developers that enable this]"

Having searched the Hack and Add On forum, I am still unable to find it. Could someone please point me in the right direction???

Cheers!
A.

Casper

I'm sure that gaugau says what I will here, that this means allowing ftp access to others, and this we would never recommend.
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Joachim Müller

Casper's right - I never said that. Post a link to the thread you're refering to.

Joachim

misterpong

You're right... It was Hogwild who said this.

Sorry.
Adrian

 
   
Re: Batch upload for users?
" Reply #4 on: April 30, 2004, 11:15:48 AM "   
------------------------------------------------------------------------


GauGau
One of my developers have implemented the batch upload 'per' an assigned 'user group'.. i..e the 'batch upload' is now shown on the menu bar
and is assigned by the admin to a group.. After a few cleanups I'll post.
--ftp--
Need clarification here. Please advise what type of script a user can run to take control of the entire website.
Isn't it the same as me simply giving you access to my site and giving you a folder under root.. If thats the case any user on the machine can do that.
Please detail more or send it to me offline as I'm not getting this how/if this can occur.
Hoggwild

   

Joachim Müller

users mustn't be able to upload anything to your site that can be scripted, so you could ban extensions like php, pl etc., but the only "real" protection is not allowing users to ftp-upload to your site at all. Making an ftp upload section bullet-proof is something only your webhost is being capable of. Like suggested: don't allow anyone to ftp-upload, it's a security risk.

Joachim