Can't upload to directory when 755
#6

Generally speaking, you should avoid setting directories to 777 as this means that ANY USER ON THE SERVER can read and write that directory. This is especially bad if your server is a shared host and you don't trust the other users on it. If you can help it, you should never do this. If you must, well you must...

If you grant ownership and write permissions for the directory to Apache (or whatever web server is running) then you still run essentially the same risk as just setting the folder to 777 (anyone can create a PHP script hosted on the web server) UNLESS your server is configured with something like suExec or suPHP. These modules cause Apache and/or PHP to run as some particular user other than apache or www-data or whatever. In this case, you don't have to worry so much about PHP scripts hosted by others on your server, but you have to be especially careful about your own PHP scripts because when people access them, they are typically running as YOUR USERNAME. Basically, your scripts have write access to all the files and folders that belong to your username. It would in this case probably be wise to turn off write permissions even to your own user for all of your files even though it's a pain in the ass. In practice, I don't think anyone actually does this. You just have to be sure your PHP scripts only write the files they are supposed to and watch out for malicious people using your PHP to write files you don't want them to write.

Generally speaking, you should
* grant the absolute minimum permissions possible
* put any writable directories outside the web root or you run the risk that someone will write some evil exploit to your web directory and then request that file via the server.
* be extremely careful about writing files, directories, or data in response to user input. Screen input for XSS or exploits, escape query values properly, and make sure file pathnames are confined to the directory where they are destined instead of something like '/etc/passwd' or "../../../config.php".
* make sure users are properly authenticated and have permission to write whatever they are attempting to write
* probably other stuff I'm forgetting...
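The pathname-confinement advice in the post above, sketched as an added example that is not part of the original post or of any framework's code. The function name `confinedPath`, the `$uploadDir` location and the sample file names are hypothetical and constructed for illustration; it assumes a POSIX filesystem and an upload directory that sits outside the web root.

```php
<?php
// Added example: resolve a user-supplied relative path and accept it only
// if the result stays inside one designated upload directory.
function confinedPath(string $baseDir, string $relative): ?string
{
    $base = realpath($baseDir);               // canonical form of the upload directory
    if ($base === false || !is_dir($base)) {
        return null;                          // the directory must already exist
    }
    if ($relative === '' || strpos($relative, "\0") !== false) {
        return null;                          // empty names and NUL bytes are never valid
    }
    $target = $base . DIRECTORY_SEPARATOR . $relative;

    // realpath() collapses "../" segments and follows symlinks. The file itself
    // may not exist yet, so resolve the directory that would contain it.
    $parent = realpath(dirname($target));
    if ($parent === false) {
        return null;                          // containing directory does not exist
    }
    $name = basename($target);
    if ($name === '.' || $name === '..') {
        return null;                          // a trailing dot segment is not a file name
    }
    // The resolved parent must be the base itself or a directory below it.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($parent !== $base && strncmp($parent, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $final = $parent . DIRECTORY_SEPARATOR . $name;
    return is_link($final) ? null : $final;   // do not write through an existing symlink
}

// Constructed demo: a scratch directory standing in for the real upload directory.
$uploadDir = sys_get_temp_dir() . '/uploads_demo_' . getmypid();
mkdir($uploadDir . '/avatars', 0750, true);   // no access for "other" users

$samples = ['avatars/me.png', 'notes.txt', '/etc/passwd',
            '../../../config.php', 'avatars/../../x.php'];
foreach ($samples as $input) {
    $path = confinedPath($uploadDir, $input);
    printf("%-22s => %s\n", $input, $path ?? 'REJECTED');
}

rmdir($uploadDir . '/avatars');               // clean up the scratch directories
rmdir($uploadDir);
```

The check confines where a file lands; it does not decide whether the requester is allowed to write it, which is the separate authentication point in the list above.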


Messages In This Thread
RE: Can't upload to directory when 755 - by Narf - 01-23-2015, 07:03 AM
RE: Can't upload to directory when 755 - by sneakyimp - 01-23-2015, 02:43 PM


