Jonathan Haddad wrote:

so I've been doing a little thinking about web server security..

#1. Since all files on the web are 644, what is to stop someone on the same server from copying your files to their own directory? (specifically your database connection info)
#2. if a folder if 777, what's to stop someone from writing to that folder?

Answer to both questions is a combination of SAFE_MODE and open_basedir restrictions among other things discussed on the manual pages for those functions / features.

If those restrictions are not in place, then nothing is stopping someone on the same server to read/write in your filespace with PHP.

---John Holmes...

Amazon Wishlist:

php|architect: The Magazine for PHP Professionals –

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to