Hi all.
I have read a bit about having web directories that are world writeable.
Some say that they are a security hole and some say they are not.
I have used open source applications like oscommerce and have had
several of them hacked, finding php files placed within the images
directory. My host claims it is because the images directory is world-
writeable and someone uploaded files into it.
I am looking into using a photo gallery (coppermine), and it needs
777 permissions on the upload directories in order to allow user
uploads.
I am worried about using it even though there are many on the
coppermine forum that claim it is not a security risk.
So, my questions are:
1) is 777 really a security hole or not?
2) I noticed that some servers give upload files "www" ownership and
others give "user" ownership...does that make any difference?
3) if 777 is a hole, why are applications still being written with
this requirement?
thanks for any guidance!
steve
____ The WDVL Discussion List from WDVL.COM ____
To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] or
use the web interface http://e-newsletters.internet.com/discussionlists.html/
Send Your Posts To: wdvltalk@lists.wdvl.com
To change subscription settings, add a password or view the web interface:
http://intm-dl.sparklist.com/read/?forum=wdvltalk
________________ http://www.wdvl.com _______________________
You are currently subscribed to wdvltalk as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.