Surpass Web Hosting Forums - View Single Post

fhltang · April 20th, 2006, 7:27 PM

We'll I guess "can't" answers half my question.

The other question is, how do I protect my files? Perms 644/755 won't save me from a vulnerability in a php script anymore.

Worse still, not even 660 perms on my mail folders will prevent an incorrectly written php script possibly sending my mail folders over HTTP.

In the pre-phpsuexec days, at least I knew that 660 perms on my mail folders meant that php scripts can't read my mail folders, unless of course a sysadmin erroneously put apache into the "mail" group.

Am I the only one concerned about this?

April 20th, 2006, 7:27 PM	#3 (permalink)
fhltang Registered User Fresh Surpasser Joined in May 2005 8 posts Gave thanks: 0 Thanked 0 times	We'll I guess "can't" answers half my question. The other question is, how do I protect my files? Perms 644/755 won't save me from a vulnerability in a php script anymore. Worse still, not even 660 perms on my mail folders will prevent an incorrectly written php script possibly sending my mail folders over HTTP. In the pre-phpsuexec days, at least I knew that 660 perms on my mail folders meant that php scripts can't read my mail folders, unless of course a sysadmin erroneously put apache into the "mail" group. Am I the only one concerned about this?