I have a web server,I have many world writeable directories (0777),Created by programmers,for uploading pictures.
Now i want to stop script excuation (php,cgi,etc) in the directories 0777,I know one way is to use htaccess file,i dont wana used that,if some one know any other method using apache config file or any other methos it will be great.
I have small uplod script in php that upload jpg png and other files in my server under 777 directory.Now i want any one can upload any scrip like php cgi pearl etc.But i dont want apache to execute it as server side script.May some bad/ malicious code is beging uploded
If I were you, I would create an crontab function to change all the files in the directory of interest to read-only for security reasons. That way you have even more security.
Then please explain why taking files that are not supposed to be executable and making them read only or read-write only will break current functionality?
What you are doing is good, but it is not enough to be fully secure.
We never know what kind of software programmer make,may be they need some time picture with different extension,or my be they need to upload documents pfd or video file.that's why i am accpecpting all file to be uploaded but not allowing certain file to run on my server.
I am not suggesting that you do one, or the other.
I am saying you should do both, (1) use your .htaccess directives and (2) create a crontab to insure all files are not executable. You might also consider changing ownership (chown) of the uploaded files in combination with chmod.
This is called "defense in depth" - using more than one security defense in case the other one fails.
Relying on only one security control creates a higher risk of compromise.