Categories
- Arts & Entertainment
- Business
- Communications
- Computers
- Culture & Society
- Disease & Illness
- Fashion
- Finance
- Food & Beverage
- Health & Fitness
- Hobbies
- Home & Family
- Home Based Business
- Internet Business
- Adsense
- Affiliate Programs
- Affiliate Revenue
- Auctions
- Audio Streaming
- Autoresponders
- Banner Advertising
- Blogging
- Click Bank
- Directories
- Domain Names
- Ecommerce
- Email Marketing
- Ezine Publishing
- Forums
- Internet Marketing
- Link Popularity
- List Building
- Podcasting
- PPC Advertising
- RSS
- Security
- SEO
- Site Promotion
- Spam Blocker
- Technologies
- Traffic Building
- Tutorials
- Video
- Video Streaming
- Viral Marketing
- Web Design
- Web Development
- Web Hosting
- Webmasters
- Legal
- Pets & Animals
- Politics
- Product Reviews
- Recreation & Sports
- Reference & Education
- Religion
- Self Improvement
- Shopping
- Travel & Leisure
- Vehicles
- Writing & Speaking
Information
Chmod 777 - Is it a Risk When Installing PHP Scripts?
Submitted: 2007-01-17 14:59:06
Print this article | Tell a friend | For publisher |
Often when setting up PHP scripts on web hosting accounts you will see the requirement to set some files and directories to Chmod 777. This means everyone can read, write and execute this items. On the surface this looks like a security risk but with a properly configured server this is security risk is eliminated.
Q. Should EVERYTHING be chmod 777 then when installing PHP scripts?
A. Not really. Just the required directories, and all the files and directories inside them. Again it won't effect security if you do, so long as the server configuration has a normal security configuration.
Q. Access by "Owner," "Group," and "Everyone." are what the numbers mean, so can anyone change files set to 777 because they are writable to everyone?
A. Um, on the surface, yes. But, looking deeper the person must first get access to your server and be able to view the file to do that. They additionally need access to the files directory, and the directories directory that file located all the way up the point they try to access your files. Reasonably you will have a directory (like your user name) which is not chmod 777. This is normally set to chmod 111 by the host at account set up.
Q. Would it be safer not to use chmod 777? Could a hacker exploit it if they got in?
>A. When a hacker gets in and starts causing trouble not much will stop them. Even with the file permissions as strict as possible other opportunities would be exploited, like databases will be wide open. So, yeah... you can ensure some files that are not change or deleted, but not all.
Q. Is it likely a hacker would get into my server to access the mysql database?
A. Yes as likely just as much as getting in to edit files, by editing your files the hacker can change things like what is displayed on your web pages, buy normally stored in the mysql database are items like e-mail addresses and passwords that can be much more valuable in terms of cash. A database is chmod 777 at all times when you think about it.
Q. Can MySQL permissions be used to secure it form intrusion as well? if I make it so they users can not delete what will happen?
A. Most scripts will not work with limited settings like that. Scripts need to be able to delete content at times. If the script can delete, so can a hacker. So the key is keeping them out of the server before this point is the only real solution.
Q. Still my host does not want me setting things to chmod 777 because they say it is not safe?
A. Tell them to read these explanations. When they cannot prove anything here to be wrong then they should allow you the 777 files and directories. In case they still refuse to see logic then maybe you should find a new web host that is more knowledgeable.
Q. So with Chmod 777 not being a security problem, why should I use other chmod settings?
A. Because we all take a maximum security view point and keeping chmod settings lower than 777 will simply provide additional security for each individual file. This is part of a maximum security philosophy.
Michael Paul is Co-owner of a free web hosting site . Learn more about Free web hosting php mysql and more at http://www.budly.com
Article source: Expert Articles
Most Recent Articles in Web Development category
- The Simpler Way Websites Designing - By: yuvraj sandhu
Are you in dilemma about how should be your website design look so to attract maximum attraction and web traffic. Simplicity is the key to success in every field whether offline or online businesses. - Increase the efficiency of your website with custom CMS - By: Anirban Bhattacharya
CMS or the content management system enables you to update your website frequently by creating, editing, managing and publishing content of your website in an organized fashion. - Website Development: Give it a Professional & Expert Look - By: Naman Jain
Expertise is required if you are running a website and if you want to make it profitable for you. You can give an expert look to your site by opting for website development. - Offshore Joomla Development - By: Anirban Bhattacharya
Joomla is a free open source Content Management System - Website Design With The Use Of W3C CSS - By: Liam Derbyshire
W3C is the renowned name in the implementation of the different web language. It is the rich source of open source web languages with complete learning tutorial. W3C CSS is the new web designed language that improves the consistence of websites on the internet. This article sums up some of the benefits of using W3C CSS for your web pages. - Flash Authoring - By: Sandra Prior
When creating motion tweened animations, remember to insert the second Keyframe after you've created the tween. If you don't, the Create Motion Tween command gets confused. - PHP Web development Advantages - By: Roshan K
PHP (PHP: Hypertext Preprocessor) is a powerful server-side scripting language for creating dynamic and interactive websites. PHP is a popular and widely used programming language used for website development. - Web Development Tips for an E-Business Company - By: Naman Jain
The scenario today is such that, almost all businesses have an online face. Some part of their functioning is done online, and for that you need to have an effective and swift means of communication. - Embrace The Future Of The Web With XHTML - By: Liam Derbyshire
The proliferation of the internet has lead to exposing the weaknesses inherent in the HTML specification. More and more developers are cursing its prevalence for being the reason they have to waste inordinate amounts of time in making sense of the mess created by the sloppy HTML coding practices. With an eye towards making the web more organized and easier to search, XHTML looks set to change the status quo. - Infusing Web Pages With Consistency And Clarity By Using CSS - By: Liam Derbyshire
Web developers everywhere bemoan the annoyance of hacking HTML code to make their web pages appear correctly in the different web browsers being used out there. CSS seeks to answer their prayers by enabling them to achieve consistency in the design of their web pages with a minimum of effort.