On Thursday, January 8, 2015 at 4:40:44 PM UTC-5, RichShumaker wrote: > > ... > I changed the permissions on my server folder to 777(probably overkill and > not wise should only need a change to the store.php file). > Once I changed permissions it worked and boom goes the dynamite I am up > and running. > ... >
And in a little while, boom goes the hacker as they take over your server. The store.php file should be readable by the system user account that you web server runs under (typically www). In most cases it should not need to be executable (but might be needed if PHP is being picky). It should most definitely NOT be writable by the www user. The directory that you put the tiddlywiki file in needs to be both readable and writable by the system user account that your web server run under. This allows store.php to actually write the file. It will also allow store.php (or any other process run under that user account) to write any file at all to that directory. In theory, you could make only the specific tiddlywiki file (and the backup directory that store.php keeps old versions) writable but not the directory that the main file is actually stored in. I haven't tried this. -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/566e60cf-f92a-46ab-a442-3febe645876c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
