
Thread: CHMOD777 safe?

  1. #1
    Regular Coder
    Join Date
    Jun 2002
    Posts
    138
    Thanks
    0
    Thanked 0 Times in 0 Posts

    CHMOD777 safe?

    hi

    I would like to ask: is CHMOD 777 safe? My site default is CHMOD 755, but the logging script works only when I change it to CHMOD 777. What should I do? Someone said change "a+" to "a" while appending. Anyone?
    Move on....

  • #2
    Regular Coder
    Join Date
    May 2003
    Location
    34° 54' N 82° 13' W
    Posts
    996
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It depends on what you are chmod'ing to 777 for. In most cases it will probably be safe. Not the average web surfer knows how to write to a 777 file anyways and how are they going to know that they are able to write to it?
    Stevie Peele

  • #3
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,108
    Thanks
    11
    Thanked 101 Times in 99 Posts
    Depending on your server's setup, there is a chance that anyone else on your server can write to your 0777 files, e.g. Joe Bloggs on domain.x hosted on the same physical machine as yours may possibly be able to write to those files.

    Now if Joe Bloggs did that, chances are your host could spot & stop them, but of course it may not be Joe Bloggs himself but rather someone who has gained access to their account etc.

    Anyway, if you get your script to write the file originally, fopen($file,'w') etc., then you can chmod to something safer after you have written to the file, e.g.

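    $file = 'this.log';

    chmod( $file , 0777 ) ;          // open up only while writing
    $fp = fopen( $file , 'a' ) ;     // keep the handle fopen() returns
    fputs( $fp , $whatever ) ;       // write to the handle, not the filename
    fclose( $fp ) ;
    chmod( $file , 0644 ) ;          // tighten again afterwards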

    That still won't be secure on some servers, but anyone scanning for open files will probably ignore you.

    a or a+ make no difference to security, read the manual: http://www.php.net/fopen
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)
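
A logging helper along the lines post #3 describes, as an added example that is not part of the thread: the script creates the log itself, so the PHP account owns it and the file never needs 0777. `append_log()` and the temp-file demo are hypothetical, and it assumes PHP runs as the account that creates the file.

```php
<?php
// Added example, not from the thread. append_log() is a hypothetical helper.
// Assumption: PHP runs as the account that creates the log, so that account
// owns the file and owner-write (0644) is enough.

function append_log(string $file, string $line): bool
{
    // Basic check (not race-free): do not append through a symlink.
    if (is_link($file)) {
        return false;
    }

    // 'a' creates the file if it is missing; the creating process owns it.
    // The umask keeps group/other write bits off a newly created file.
    $old = umask(0022);
    $fp = fopen($file, 'a');
    umask($old);
    if ($fp === false) {
        return false;
    }

    // If the file already existed with loose bits (e.g. left at 0777),
    // tighten it. chmod() only succeeds when this process owns the file.
    clearstatcache(true, $file);
    $mode = fileperms($file) & 0777;
    if (($mode & 0022) !== 0 && !chmod($file, 0644)) {
        fclose($fp);
        return false; // cannot fix a file we do not own: fail closed
    }

    // Exclusive lock so concurrent requests do not interleave lines.
    $ok = flock($fp, LOCK_EX)
        && fwrite($fp, rtrim($line, "\r\n") . "\n") !== false;
    flock($fp, LOCK_UN);
    fclose($fp);
    return $ok;
}

// Constructed demo: a throwaway file in the system temp directory.
$log = sys_get_temp_dir() . '/chmod-demo-' . getmypid() . '.log';
var_dump(append_log($log, 'first entry'));   // file is created by the script
chmod($log, 0777);                           // simulate the old 0777 setup
var_dump(append_log($log, 'second entry'));  // helper tightens it again
clearstatcache(true, $log);
printf("%04o\n", fileperms($log) & 0777);    // mode after the second append
unlink($log);
```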

