11-17-2003, 07:32 AM
i would like to ask is CHMOD777 safe?my site defualt is CHMOD755 but the logging script works only when i change it to CHMOD 777 ?what shoul di do .. someone said change "a+" to "a" while apending ..any one??
11-17-2003, 06:09 PM
It depends on what you are chmod'ing to 777 for. In most cases it will proabably be safe. Not the average web surfer knows how to write to a 777 file anyways and how are they going to know that they are able to write to it?
11-17-2003, 07:53 PM
depending on your servers setup , there is a chance that anyone else on your server can write to your 0777 files , eg joe blogs on domain.x hosted on the same physical machine as yours may possibly be able to write to those files .
now if joe bloggs did that chances are your host could spot&stop them , but of course it may not be joe bloggs himself & rather someone who has gained access to thier account etc.
anyway , if you get your script to write the file originally , fopen($file,'w') etc , then you can chmod to something safer after you have written to file ... eg
chmod( $file , 0777 ) ;
fopen( $file , 'a' ) ;
fputs( $file , $whatever ) ;
fclose( $fp ) ;
chmod( $file , 0644 );
that still won't be secure on some servers ;) but anyone scanning for open files will probably ignore you.
a or a+ make no difference to security , read the manual http://www.php.net/fopen