Thread: Permissions dilemma
11-15-2007, 02:39 PM #1
I want to open a file to store some data. However, when I use fopen('filename', 'w') I get permission denied. So, I've changed the permissions of the directory to get rid of the permission denied problem. Unfortunately, this seemed to require changing the directory to have permissions 777.
How much of a security risk is this? If it's catastrophic, what's the best way around it?
Scrumpy.Gums
"entia non sunt multiplicanda praeter necessitatem" - "Entities should not be multiplied beyond necessity" Occam's Razor
11-15-2007, 04:02 PM #2
The least secure permissions should be 755 for pretty much anything except things such as .htaccess, which might best be 700 to give only the owner access to the file and everybody else, including Web browsers, would be forbidden from even attempting to read that file. 755 would give the owner of the file/directory full read-write-execute control while giving others the ability to read and execute, the minimum permissions needed to read a file from what I remember, though it has been a while since I messed with file permissions on an HTTP server.
With regard to the security risk, if you give people write access, and they discover what FTP server the files are stored on (assuming your files are uploaded via FTP), they could FTP replacement files, making it appear to be hacked when all that they did was upload via FTP. Also, if this is your personal HTTP server and you have an FTP server running on the same machine (understandable if you're learning), the same thing could happen, except that it would be easier since a simple ping <http address> would return your IP address, which is most likely the same as the FTP server since it is on the same machine.
Last edited by rpgfan3233; 11-15-2007 at 04:07 PM.
PHP Code:
$hello = file_get_contents('hello.txt');
echo $hello;
Users who have thanked rpgfan3233 for this post:
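As an added example (not written by any poster in this thread), the shell functions below find directories with the world-write bit set, which is the 777 case from the question, and show that a directory restricted to its owner still accepts writes from that owner. The function names and the temporary paths are constructed for illustration, and the example assumes the directory is owned by the account that runs the PHP process.

```shell
#!/bin/sh
# Added example: audit for world-writable directories and compare with
# owner-only modes. All paths are constructed under a temporary directory.

# List every directory under $1 whose "other" write bit is set (777, 757, ...).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Succeed only if $1 itself has the "other" write bit set.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print)" ]
}

# Create a data directory that only its owner can enter, list or write.
# Assumption: this runs as the account that will later write the data file.
make_private_data_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/open" "$root/site"
    chmod 777 "$root/open"      # the setting from the question
    chmod 755 "$root/site"      # owner rwx, group and others r-x
    make_private_data_dir "$root/data"

    echo "World-writable directories found:"
    world_writable_dirs "$root"

    # The owner can still create a file in the 700 directory.
    if echo "some data" > "$root/data/store.txt"; then
        echo "Owner write into mode 700 directory: ok"
    fi
    rm -rf "$root"
}

demo
```

Pointing `world_writable_dirs` at a real document root gives a quick list of directories to review.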
11-15-2007, 07:15 PM #3
Users who have thanked Inigoesdr for this post: