On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
How can they write or edit files there without having ftp access or the site's file manager?
SSH access? Telnet maybe? PHP script? CGI script? ASP script? There are a lot of possible ways someone can write there. Tijnema
Tijnema ! wrote: > On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote: >> I'm on a shared Linux host and have been wondering about security and >> directory "other" ["world"] permissions. >> >> The defaults are 755. The 'others' [world] can read them only. >> >> Is there a security hole if a dir on the doc root if a directory has >> permissions 757? >> >> If there is a security problem, what is it? >> >> Thanks... >> > > If you have a directory with 757 permissions, "world" can create new > files there. > > And if you give files 757 (or 646) permissions, then "world" can edit > that file. > > So if you have a doc dir, you probably don't want extra files there. > It's not really a security problem, but if somebody notices it, he > might write files there. > > Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
