Archived Boards and Threads... > Parham's PHP Tutorials

Why chmod 777 is NOT a security risk

<< < (18/21) > >>

rickyk586:
If you change the owner of the directory to the same owner of the server, then the server (including PHP) can write to that folder without the need for it to be 777.  However, this will probably make the FTP not work anymore, since now, the only user that can edit the directory is the server.  Anyways, here is how to do that:

1)  make this php script (don't run yet):  mkdir("temp");
2)  place script into a folder (example: "scripts")
3)  change the permissions on this folder ("scripts") to 777 (this is just for now)
4)  run the script
5)  change the permissions on the folder ("scripts") back to what it was (755 maybe)
6)  the server now has the ability to write to the folder.

Since this restricted my FTP access, I did not do it this way.  I decided to make the folder ("temp") 777 and not worry about it since the files it is creating are 755.

As far as I know, even if the folder is 777, this only gives the public the ability to create new files in the folder, it has nothing to do with the files.  PLEASE correct me if I am wrong.

taha116:
Is there no way to protect a database completly? Even if it costs some money?

aldo:
You could have a MySQL user only assigned permissions to only read from the database... So no... :P

I mean unless you want your MySQL database to act as a archive you just can't. The only way you can protect it is have a good password so people can't get into your server and have a good MySQL password so they can't get in either

taha116:

--- Quote from: aldo on December 29, 2008, 02:01:59 AM ---You could have a MySQL user only assigned permissions to only read from the database... So no... :P

I mean unless you want your MySQL database to act as a archive you just can't. The only way you can protect it is have a good password so people can't get into your server and have a good MySQL password so they can't get in either

--- End quote ---

So its just as easy to hack my 1.1.7 site as it would be to hack this SMF community site? I don't believe that, because if people report getting hacked then why dosent some whacko just hack this too? Their are obviously some differences that you have not considered?

Killer Possum:

--- Quote from: taha116 on December 30, 2008, 12:43:48 PM ---So its just as easy to hack my 1.1.7 site as it would be to hack this SMF community site? I don't believe that, because if people report getting hacked then why dosent some whacko just hack this too? Their are obviously some differences that you have not considered?

--- End quote ---

The differences are in the configuration of the server as well. Just because site A gets their forum hacked doesn't mean site B can be hacked in the same way. Basically, just because your forum was hacked and destroyed doesn't necessarily mean that they got in through the forum software.

Navigation

[0] Message Index

[#] Next page

[*] Previous page