Here is a list of things you can do to make your implementation of UploadiFive more secure…
- Change the name of uploadifive.php to something unique, like uploadifive-JK89H.php.
- Make sure the permissions of your upload folder are correct. If you’re unsure of what permissions to set them to, use 755.
- Do some file type checking in the uploadifive.php script. Using only the fileType option is not enough as it is easily bypassed. There is some simple file type checking in the uploadify.php script that comes in the download package.
- Place your upload destination folder outside of the public html root… or if you can’t…
- Add a blank index.php file in the upload destination folder along with an .htaccess file with the following code:
  ```
  order allow,deny
  deny from all
  Options All -Indexes
  ```
- Use SSL if possible.
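
The file type checking item above, as an added example that is not code from the UploadiFive download package: a PHP handler that decides the type from the file's content rather than its name or the client-side fileType option, then stores it under a server-chosen name. The field name `Filedata`, the image-only allowlist, the 5 MB limit and the `/var/www/uploads-private` path are assumptions.

```php
<?php
// Added example, not UploadiFive's bundled script. Requires the fileinfo extension.
// Assumptions: form field 'Filedata', images only, and UPLOAD_DIR is a
// hypothetical directory outside the public html root.
const UPLOAD_DIR = '/var/www/uploads-private';
const MAX_BYTES  = 5 * 1024 * 1024;
// Allowed content types mapped to the extension the server will assign.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function reject(int $status, string $reason): void
{
    http_response_code($status);
    exit($reason);
}

$file = $_FILES['Filedata'] ?? null;
// 'error' is an array when the client sends Filedata[]; accept a single file only.
if (!is_array($file) || !is_int($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
    reject(400, 'Upload failed.');
}
if (!is_uploaded_file($file['tmp_name'])) {
    reject(400, 'Not an uploaded file.');
}
if ($file['size'] > MAX_BYTES) {
    reject(413, 'File too large.');
}

// Detect the type from the bytes on disk. $_FILES['Filedata']['type'] and the
// original file name are client-supplied and must not be trusted.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if ($mime === false || !array_key_exists($mime, ALLOWED)) {
    reject(415, 'File type not allowed.');
}

// Never reuse the client's file name: a random name with an allowlisted
// extension cannot end in .php or contain path separators.
$name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
$dest = UPLOAD_DIR . '/' . $name;
if (!move_uploaded_file($file['tmp_name'], $dest)) {
    reject(500, 'Could not store file.');
}
chmod($dest, 0644); // readable, no execute bit
echo $name;
```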