+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Security Question for CodeIgniter setup in a live environment - file system permissions (/showthread.php?tid=26768)
Security Question for CodeIgniter setup in a live environment - file system permissions - El Forum - 01-22-2010
[eluser]Unknown[/eluser]
I am putting a site online this weekend and must admit that I am somewhat anxious about security. I check all my user input thoroughly, escape all variables for SQL etcetera, but there is one thing which I just realized I don't know:
How do I set the file system access (chmod)?
I want it as tight as possible but obviously not tighter or the whole thing won't work.
My folder setup is like this:
/
/ci-app
...(subfolders)
/ci-system
/ci-system/cache
/ci-system/logs
... (more subfolders)
/www
/www/css
/www/js
/www/img
/www/upload
I really hope someone can help me out here 'cause a couple of hours of googling and looking on forums haven't given me the answer. I know it's basic stuff and possibly not 100% related to CodeIgniter, but I feel it would be something anyone developing a CI application (or any web application really) should know - that includes myself.
Thanks again for anyone that can help me out here.
Security Question for CodeIgniter setup in a live environment - file system permissions - El Forum - 01-22-2010
[eluser]mattpointblank[/eluser]
Make sure you give the logs folder write permissions or the whole site will silently fail (assuming you've enabled logging). Besides that, I don't there's anything CI-specific, unless you've written an upload script. Re-read the installation instructions?
Security Question for CodeIgniter setup in a live environment - file system permissions - El Forum - 01-22-2010
[eluser]Unknown[/eluser]
Thanks for your quick reply. I am aware my question is not CI-specific and quite basic at that. A folder containing a php script should be set to permission 555 / 755 or ...? I'm ashamed to even ask - it's not in the installation instructions though.