Sitecore Media Library
Controlling File Upload and Deny Execute Permissions on the Upload Folder You can strengthen the sitecore installation by restricting the access to the files that are begin uploaded by users. If you allow users to modify the content of /upload in website root folder then you also give them permission to place the scripts and executable programs. Executing these scripts and programs can cause an unexpected behavior on the server. You must therefore prevent an uploaded file from being executed on the server side when a user attempts to download it. We recommend that you deny permissions to run scripts and executable files in the /upload folder Note: You only need to perform this step if your configuration allows content authors to place files directly to the /upload folder. For example, if you use a shared directory or FTP server, content authors can quickly place a lot of media in the media library. Denying Execute Permission in IIS yo...
Comments
Post a Comment