The least secure permissions should be 755 for pretty much anything except things such as .htaccess, which might best be 700 to give only the owner access to the file and everybody else, including Web browsers, would be forbidden from even attempting to read that file. 755 would give the owner of the file/directory full read-write-execute control while giving others the ability to read and execute, the minimum permissions needed to read a file from what I remember, though it has been a while since I messed with file permissions on an HTTP server.
With regard to the security risk, if you give people write access, and they discover what FTP server the files are stored on (assuming your files are uploaded via FTP), they could FTP replacement files, making it appear to be hacked when all that they did was upload via FTP. Also, if this is your personal HTTP server and you have an FTP server running on the same machine (understandable if you're learning), the same thing could happen, except that it would be easier since a simple ping <http address> would return your IP address, which is most likely the same as the FTP server since it is on the same machine.
$hello = file_get_contents('hello.txt'); echo $hello;
Last edited by rpgfan3233; 11-15-2007 at 03:07 PM..