Opinions on 777 directory for uploading
#1

[eluser]Random dude[/eluser]
I'm using swfupload for a project, and it seems I'm going to have to have file permissions 777 on the uploads directory to make it work. I also need upload.php to be able to create new directories within uploads/.

I have used another uploader for tinymce in the past and it also required 777. Is this the norm?

What should I be thinking about from a security perspective?
Is it just a matter of keeping upload.php sharp and secure (not allowing any malicious content through), or are there a range of other things to consider?
#2

[eluser]Yorick Peterse[/eluser]
Depending on your server configuration this might be required. The biggest mistake people make is that by setting the file permissions of a specific file to 777 it enables everybody to hack your server, which is not the case. It's perfectly safe to set the file permissions of a specific directory to 777 as long as you know what's running on your server and if that's safe or not.

The best thing would be to simply CHMOD the directories/files to 777 and make sure that all uploaded files are being validated before storing them on the server.
#3

[eluser]Random dude[/eluser]
[quote author="Yorick Peterse" date="1263148159"]It's perfectly safe to set the file permissions of a specific directory to 777 as long as you know what's running on your server and if that's safe or not.[/quote]

Can you suggest any specific material about how to understand and manage what's running on a server (in this case, Apache, correct?). I'm happy to hear it's perfectly safe if you do the right thing!

[quote author="Yorick Peterse" date="1263148159"]
The best thing would be to simply CHMOD the directories/files to 777 and make sure that all uploaded files are being validated before storing them on the server.[/quote]

If I CHMOD the directory, is there any way an attacker can upload anything apart from going through my upload.php script?
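
An added example, not part of the thread: whether 777 is needed depends on which account owns uploads/ and which account PHP runs as, so this script reports the narrowest mode that still lets that account write, and lists world-writable directories and script files already inside the tree. It assumes GNU stat and find; the function names and the www-data account are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes GNU stat and GNU find.

# min_upload_mode DIR UID [GID...]
# Prints the narrowest directory mode that still lets the process with the
# given numeric uid/gids create files in DIR, based on DIR's ownership.
min_upload_mode() {
    local dir=$1 uid=$2 g
    shift 2
    if [ "$(stat -c '%u' "$dir")" = "$uid" ]; then
        echo 755; return        # process owns DIR: owner write bit suffices
    fi
    for g in "$@"; do
        if [ "$(stat -c '%g' "$dir")" = "$g" ]; then
            echo 775; return    # process is in DIR's group
        fi
    done
    echo 777                    # only the "other" bits apply to this process
}

# audit_upload_dir DIR
# Lists world-writable directories, and files whose extension is commonly
# mapped to the PHP handler (the real mapping depends on server config).
audit_upload_dir() {
    find "$1" -type d -perm -0002 -printf 'WORLD_WRITABLE %p\n'
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) \
        -printf 'SCRIPT %p\n'
}

# Usage: ./audit.sh uploads "$(id -u www-data)" $(id -G www-data)
# (www-data is an assumed account name; use the user your PHP runs as.)
if [ "$#" -ge 2 ]; then
    echo "narrowest workable mode: $(min_upload_mode "$@")"
    audit_upload_dir "$1"
fi
```

A result of 777 means the server account is neither the owner nor in the directory's group, which is the configuration the thread is describing.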