Justtechjobs.com Find a programming school near you






Online Campus Both


php-db | 2000121

[PHP-DB] re: Dire Permissions From: Larry Rivera (lrivera <email protected>)
Date: 12/14/00

You dont have to set it 777 which is obviously read write execute to the
world

but directories by nature need to be executable or else you can view the
contents of said directories.

you can thoug se it 755 or something to that effect to improve security
after all you wouldnt want someone
deleting the directory or renaming it as would be the case with 777.

Peace
----- Original Message -----
From: "Scott Lynn" <scott <email protected>>
To: <php-db <email protected>>
Sent: Thursday, December 14, 2000 11:53 AM
Subject: [PHP-DB] Uploading with PHP Script and permissions

> Hello,
> I am trying to create an upload/admin script for authorized
> users to add (and manage) files that are viewed by others.
> The scripts for managing this are stored in one subdirectory,
> the files are stored in another subdirectory.
>
> - Why do I have to set 777 permission for the file directory
> to upload? Specifically why do I have to give execute
> permission to write files? And is this dangerous, since
> if there is a security hole on uploading, someone could
> upload and execute a malicious script? I really want to
> set read and write permission to that directory, and restrict
> write permission to authorized users.
>
> - Is setting 777 dangerous for directories that users
> have access to? What restriction should I have here?
> The internet security faqs seem to focus a lot on firewall
> theory and I can't find a specific answer to this.
>
> Thanks,
> Scott at scott <email protected>
>
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-db-unsubscribe <email protected>
> For additional commands, e-mail: php-db-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>