How dangerous is it actually to have 777 permission in a folder with only images? Doesn't a hacker still need to get access to my server somehow? Or is it really dangerous to have 777 permissions on a folder and its files (pictures)?
- ØØ -
If someone takes advantage of an exploit and gains access to the computer, they will be able to create and overwrite files in the folder. As long as you are aware of this then you should be ok; if I had no choice I would put the unsecured directory in a directory which is secure, in this I would place a .htaccess file which disables the execution of CGI scripts, PHP scripts and SSIs; this will prevent anyone from overwriting the files with files which can be executed.
Won't they be able to do that anyway if they manage to hack into the server? Or when you exploit you mean via a poorly written script or something?
Yes - they will have the user rights of the web server. So provided the directory above is not owned and writable by the web server and the .htaccess file prevents overrides, the damage which can be done will be limited.
But I need a PHP script to take pictures in a folder and resize them. Won't that .htaccess thingy stop that too, or will a PHP script running outside the folder still be able to do its job inside the folder?
- ØØ -
Nope, .htaccess is only read by the web server, not PHP.
Ahha, sounds sweet, so what would a .htaccess file look like in that case, and what would the permissions be in the end?
Thanks for all your help. I do love you, you know that?
- ØØ -
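One way to build the layout discussed in this thread, as an added example that is not part of any post: a protected parent directory holding the .htaccess, with the 777 images folder inside it, plus a check that the layout still holds. The function names, the modes 755/644/777, the extension list and the `mod_php.c` module name are assumptions, and the directives assume Apache 2.4.

```shell
#!/bin/sh
# Added example; paths and function names are hypothetical.
# Assumes Apache 2.4 with AllowOverride permitting these directives.

# Write the .htaccess that disables script execution below directory $1.
write_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
# Serve everything below this directory as static content only.
Options -ExecCGI -Includes
RemoveHandler .php .phtml .cgi .pl .py .shtml
RemoveType .php .phtml
# Refuse script-like names outright (Apache 2.4 syntax).
<FilesMatch "\.(php[0-9]?|phtml|phar|cgi|pl|py|shtml)$">
    Require all denied
</FilesMatch>
# mod_php only; the module name varies by PHP version (assumption).
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
EOF
}

# Parent and .htaccess are not writable by others; only images/ is 777.
setup_layout() {
    mkdir -p "$1/images"
    write_htaccess "$1"
    chmod 755 "$1"
    chmod 644 "$1/.htaccess"
    chmod 777 "$1/images"
}

# True when the "other" write bit is set on path $1.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002)" ]
}

# Print "ok" or the first problem found; non-zero status on a problem.
audit_layout() {
    [ -f "$1/.htaccess" ] || { echo "missing .htaccess"; return 1; }
    if world_writable "$1"; then echo "parent is world-writable"; return 1; fi
    if world_writable "$1/.htaccess"; then echo ".htaccess is world-writable"; return 1; fi
    # A .htaccess dropped into images/ could re-enable handlers unless the
    # server config sets AllowOverride None for that directory.
    bad=$(find "$1/images" -type f \( -name '.htaccess' -o -name '*.php*' \
        -o -name '*.phtml' -o -name '*.cgi' -o -name '*.shtml' \))
    [ -z "$bad" ] || { echo "unexpected file: $bad"; return 1; }
    echo "ok"
}
```

The modes do not cover ownership: the parent directory and its .htaccess also need to belong to an account other than the web server's, as the thread points out. A PHP resize script stored outside this tree can still write into `images/`, because the .htaccess only affects what Apache serves from there.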