Often when setting up PHP scripts on web hosting accounts you will see the requirement to set some files and directories to chmod 777. This means everyone can read, write and execute these items. On the surface this looks like a security risk, but with a properly configured server this security risk is eliminated.

Q. Should EVERYTHING be chmod 777 then when installing PHP scripts?
A. Not really. Just the required directories, and all the files and directories inside them. Again, it won't affect security if you do, so long as the server has a normal security configuration.

Q. The numbers mean access by "Owner," "Group," and "Everyone," so can anyone change files set to 777 because they are writable by everyone?
A. Um, on the surface, yes. But, looking deeper, the person must first get access to your server and be able to view the file to do that. They additionally need access to the file's directory, and to each directory above it, all the way up to the point from which they try to access your files. Reasonably you will have a directory (like your user name) which is not chmod 777. This is normally set to chmod 111 by the host at account set up.

Q. Would it be safer not to use chmod 777? Could a hacker exploit it if they got in?
A. When a hacker gets in and starts causing trouble, not much will stop them. Even with the file permissions as strict as possible, other opportunities would be exploited; databases, for example, will be wide open. So, yeah... you can ensure that some files are not changed or deleted, but not all.

Q. Is it likely a hacker would get into my server to access the MySQL database?
A. Yes, just as likely as getting in to edit files. By editing your files the hacker can change things like what is displayed on your web pages, but the MySQL database normally stores items like e-mail addresses and passwords that can be much more valuable in terms of cash. A database is chmod 777 at all times when you think about it.

Q. Can MySQL permissions be used to secure it from intrusion as well? If I make it so that users cannot delete, what will happen?
A. Most scripts will not work with limited settings like that. Scripts need to be able to delete content at times. If the script can delete, so can a hacker. So keeping them out of the server before this point is the only real solution.

Q. Still, my host does not want me setting things to chmod 777 because they say it is not safe?
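
Added example (not part of the original FAQ), illustrating the earlier answer about needing access to every directory above a file: the Python code below reads the "Everyone" mode bits of each directory from the account directory down to a chmod 777 file and reports whether that class can reach and write it. The directory tree, the names username and config.php, and the functions other_access and demo are constructed for illustration.

```python
import os
import stat
import tempfile

def other_access(path, top):
    """What 'Everyone' may do with path, judged from mode bits alone (ACLs,
    ownership and root are ignored). `top` must be an ancestor of `path`."""
    path, top = os.path.abspath(path), os.path.abspath(top)
    d, chain = os.path.dirname(path), []
    while d != top and d != os.path.dirname(d):
        chain.append(d)
        d = os.path.dirname(d)
    chain.append(d)
    blocked_at = None
    for d in reversed(chain):  # top-most directory first
        # On a directory the execute bit means "may pass through".
        if not os.stat(d).st_mode & stat.S_IXOTH:
            blocked_at = d
            break
    mode = os.stat(path).st_mode
    reachable = blocked_at is None
    return {
        "mode": oct(stat.S_IMODE(mode)),
        "reachable": reachable,
        "blocked_at": blocked_at,
        "writable_by_everyone": reachable and bool(mode & stat.S_IWOTH),
    }

def demo():
    """Constructed tree: <tmp>/username/public_html/uploads/config.php"""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "username")
        uploads = os.path.join(home, "public_html", "uploads")
        os.makedirs(uploads)
        target = os.path.join(uploads, "config.php")
        open(target, "w").close()
        os.chmod(os.path.join(home, "public_html"), 0o755)
        os.chmod(uploads, 0o777)
        os.chmod(target, 0o777)
        for home_mode in (0o111, 0o700):  # two account-directory settings
            os.chmod(home, home_mode)
            results[oct(home_mode)] = other_access(target, home)
        os.chmod(home, 0o700)  # restore so the temp tree can be removed
    return results

if __name__ == "__main__":
    print(demo())
```

With the account directory at 111 the file is reported as reachable and writable by everyone, because 111 includes the pass-through bit for all users and only hides the directory listing; with 700 the walk stops at the account directory.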