SitePoint Sponsor |
|
User Tag List
Results 1 to 3 of 3
Thread: Directory / File Mode
-
Jul 31, 2008, 18:45 #1
- Join Date
- Nov 2005
- Location
- Karachi - Pakistan
- Posts
- 1,134
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Directory / File Mode
Hi
I have a script that generated some HTML pages, and also create directories. But what I did was I change the permission of the main directory public_html as 0777 through FTP.
Is this OK ? are there any security threats ?
Please let me know what is the proper way to do this ?
Further, I am using this function to create file and directory :
PHP Code:function createDir($dir_to_create,$mode)
{
if (!file_exists($dir_to_create))
{
mkdir ($dir_to_create,$mode);
}
}
PHP Code:createDir("dirname",0777)
Thanks
Zeeshan
-
Jul 31, 2008, 21:22 #2
- Join Date
- Oct 2006
- Location
- Kathmandu, Nepal
- Posts
- 4,013
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Further, I am using this function to create file and directory :
function createDir($dir_to_create,$mode){
if (!file_exists($dir_to_create)){
mkdir ($dir_to_create,$mode);
}
}
PHP Code:mkdir ($dir_to_create,$mode);
And don't create the directories directly in the public_html (root). If you are comfortable with creating new directory/files into a separate directory (like member directory under main root that is create earlier manually then create other directories inside it). I cant point out here a particular vulnerability now but giving full write permission to the root directory is not the good idea.
PHP Manual says:
The mode is 0777 by default, which means the widest possible access. For more information on modes, read the details on the chmod() page.Mistakes are proof that you are trying.....
------------------------------------------------------------------------
PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5
-
Jul 31, 2008, 21:53 #3
- Join Date
- Mar 2008
- Posts
- 1,149
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
There's something called umask that affects the permissions of filesystem objects you create.
Changing the permissions of your root web directory, or any directory, to be world-writable only has concerns if (1) there are other users on the server and there is no mechanism in place to prevent them from accessing your files, or (2) there's an exploit in your script. Otherwise, it's fine.
Bookmarks