Enabling Batch Upload per defined user group

[misterpong]

Hi, I'm new to this but I have searched the database extensively on this topic. I was led through a trail of clues but it suddenly ends with the last post by Gau Gau saying "after a few cleanups I'll post it [the hack written by one of the developers that enable this]"

Having searched the Hack and Add On forum, I am still unable to find it. Could someone please point me in the right direction???

Cheers!
A.

[Casper]

I'm sure that gaugau says what I will here, that this means allowing ftp access to others, and this we would never recommend.

[Joachim Müller]

Casper's right - I never said that. Post a link to the thread you're refering to.

Joachim

[misterpong]

You're right... It was Hogwild who said this.

Sorry.
Adrian

 
   
Re: Batch upload for users?
" Reply #4 on: April 30, 2004, 11:15:48 AM "   
------------------------------------------------------------------------


GauGau
One of my developers have implemented the batch upload 'per' an assigned 'user group'.. i..e the 'batch upload' is now shown on the menu bar
and is assigned by the admin to a group.. After a few cleanups I'll post.
--ftp--
Need clarification here. Please advise what type of script a user can run to take control of the entire website.
Isn't it the same as me simply giving you access to my site and giving you a folder under root.. If thats the case any user on the machine can do that.
Please detail more or send it to me offline as I'm not getting this how/if this can occur.
Hoggwild

   

[Joachim Müller]

users mustn't be able to upload anything to your site that can be scripted, so you could ban extensions like php, pl etc., but the only "real" protection is not allowing users to ftp-upload to your site at all. Making an ftp upload section bullet-proof is something only your webhost is being capable of. Like suggested: don't allow anyone to ftp-upload, it's a security risk.

Joachim