I been working on a php script that creates a file if the it does not exist. (fopen("w")) however, it would only work if I set the folder that would hold the created file to permission 777.
i am wondering if there is a security issue that i need to account in doing this?
btw if i attempt to check the folder (set to 777) via the site (e.g. www.abc.com/folder/) it will still not list the files there and give the forbidden error message. Does that mean it safe for me to use 777?
Depending how your webserver is setup depends on what can happen and of course the permissions of the account and who its owned by. 777 gives full permissions, if the program using the permissions is 'secure' than you should be alright, but you also have to look at LOCAL security to ensure other users on the box will not be able to manipulate information.