Security of Data and files

The following warnings occurred:

Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.1.27 (Linux)

File	Line	Function
/global.php	783	errorHandler->error
/showthread.php	26	require_once

Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.1.27 (Linux)

File	Line	Function
/global.php	783	errorHandler->error
/showthread.php	26	require_once

Warning [2] Undefined variable $newpmmsg - Line: 40 - File: global.php(841) : eval()'d code PHP 8.1.27 (Linux)

File	Line	Function
/global.php(841) : eval()'d code	40	errorHandler->error
/global.php	841	eval
/showthread.php	26	require_once

Warning [2] Undefined array key "style" - Line: 909 - File: global.php PHP 8.1.27 (Linux)

File	Line	Function
/global.php	909	errorHandler->error
/showthread.php	26	require_once

Warning [2] Undefined property: MyLanguage::$lang_select_default - Line: 5024 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	5024	errorHandler->error
/global.php	909	build_theme_select
/showthread.php	26	require_once

Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	7162	errorHandler->error
/inc/functions.php	5044	is_member
/global.php	909	build_theme_select
/showthread.php	26	require_once

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1370	fetch_forum_permissions
/showthread.php	137	forum_permissions

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key "mybb" - Line: 1952 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	1952	errorHandler->error
/inc/functions_indicators.php	41	my_set_array_cookie
/showthread.php	629	mark_thread_read

Warning [2] Trying to access array offset on value of type null - Line: 488 - File: inc/db_mysqli.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/db_mysqli.php	488	errorHandler->error
/showthread.php	722	DB_MySQLi->fetch_field

Warning [2] Undefined property: MyLanguage::$ratings_update_error - Line: 5 - File: showthread.php(732) : eval()'d code PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php(732) : eval()'d code	5	errorHandler->error
/showthread.php	732	eval

Warning [2] Undefined variable $postsdone - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Trying to access array offset on value of type null - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4755 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4757 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4760 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4764 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4770 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4773 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4785 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4792 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4757 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key 4760 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key 4773 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key 4792 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key 4785 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions.php	7162	errorHandler->error
/inc/functions_user.php	844	is_member
/inc/functions_post.php	406	purgespammer_show
/showthread.php	880	build_postbit

Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions_post.php(474) : eval()'d code	6	errorHandler->error
/inc/functions_post.php	474	eval
/showthread.php	880	build_postbit

Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions_post.php	660	errorHandler->error
/showthread.php	880	build_postbit

Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions_post.php	741	errorHandler->error
/showthread.php	880	build_postbit

Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)

File	Line	Function
/inc/functions_post.php	746	errorHandler->error
/showthread.php	880	build_postbit

Warning [2] Undefined array key "invisible" - Line: 1506 - File: showthread.php PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php	1506	errorHandler->error

Warning [2] Undefined variable $threadnotesbox - Line: 30 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php(1533) : eval()'d code	30	errorHandler->error
/showthread.php	1533	eval

Warning [2] Undefined variable $multipage - Line: 33 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php(1533) : eval()'d code	33	errorHandler->error
/showthread.php	1533	eval

Warning [2] Undefined variable $multipage - Line: 65 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php(1533) : eval()'d code	65	errorHandler->error
/showthread.php	1533	eval

Warning [2] Undefined variable $addremovesubscription - Line: 79 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)

File	Line	Function
/showthread.php(1533) : eval()'d code	79	errorHandler->error
/showthread.php	1533	eval

FORUMS

The Form Tools forums are no longer active, but the old posts have been archived here. Please see the Help page on how to get help / report issues.

Thread Rating:

1 Vote(s) - 5 Average
1
2
3
4
5

Thread Modes

Security of Data and files

Ben

Offline

Administrator

Posts: 2,456
Threads: 39
Joined: Dec 2008
Reputation: 6

#6

May 3rd, 2011, 8:16 PM

Hey all,

2.1.0 (the current available version) contains an index.html in that folder. All that that does is prevent the browser from displaying the contents of the folder. It's low-fi, but it solves the immediate problem.

Alex, using .htaccess is definitely better from a security point of view, but like you said, it would require users to be perpetually entering their login credentials - plus you'd need to go through the legwork of setting up the actual permissions. It all depends on your situation and your judgment. If the content being uploaded is very sensitive, then yes - password-protecting the whole folder with .htaccess would make sense. Also, you might want to consider using a custom upload folder which would be harder for a hacker to guess (e.g /uploads59115 or something random).

The other possibility (depending on how security-conscious you feel you need to be) is to specify an upload folder that's above the actual webroot. This will break any links to the files in the user interface (since they won't be accessible via an http:// location), but the files will still be properly uploaded to the server. No-one without server permissions would be able to access the files.

- Ben

Reply

Find

« Next Oldest | Next Newest »

Messages In This Thread

Security of Data and files - by alexh - May 2nd, 2011, 7:09 PM

RE: Security of Data and files - by crunchers - May 3rd, 2011, 12:27 AM

RE: Security of Data and files - by alexh - May 3rd, 2011, 12:49 AM

RE: Security of Data and files - by crunchers - May 3rd, 2011, 1:09 AM

RE: Security of Data and files - by alexh - May 3rd, 2011, 3:21 PM

RE: Security of Data and files - by crunchers - May 3rd, 2011, 11:22 PM

RE: Security of Data and files - by Ben - May 3rd, 2011, 8:16 PM

RE: Security of Data and files - by alexh - May 4th, 2011, 10:39 PM

RE: Security of Data and files - by Ben - May 4th, 2011, 7:37 AM

View a Printable Version

Users browsing this thread: 1 Guest(s)

Powered By MyBB, © 2002-2024 MyBB Group.