You have already seen the two-dimensional matrix and the 3 or 4 digit numbers. Permissions can be expressed in many ways. Therefore, 755 is the perfect number it allows all actions for PHP and only reading/viewing for potential hackers. With suPHP, all PHP scripts are allowed the same permissions as the Owner, and outside visitors are still restricted by the World permissions. HostGator have done so by implementing a special PHP security environment known as suPHP (or phpSuExec). The solution to this conflict is to treat PHP as the Owner. Therefore, PHP is treated the same as any unknown visitor and must obey the permissions granted to World. Traditionally, PHP is treated as 'nobody' on the server. The problem is when you install a PHP script the script needs permission to edit files. Thus, the last two digits of file permissions should never be 2, 3, 6, or 7. This allows hackers from the world wide web to edit your files. The concern is giving writable permissions to Group and World. You will not need to use 777 on PHP files or folders. I can tell you that 755 will work in lieu of 777. However, many scripts require you to change your files to 777. HostGator does not allow 777 on files that process server-side (i.e., PHP). Any files inside the cgi-bin folder must have 755 permissions.Ī common concern is using file permissions of 777. (For most files, it doesn't matter if you give the executable permission or not.
0 Comments
Leave a Reply. |