Welcome to WebmasterWorld Guest from 54.166.54.215

Forum Moderators: bakedjake

empty index.php Vs CHMOD 0773

Image folder security

   
2:34 pm on Oct 2, 2007 (gmt 0)

10+ Year Member



Hello!

My Server is Apache/PHP

I was setting image folder to 0773 but then i found that i need to use php to read directory image and delete some every some period, so it should be 0777 to be able to do that!

So my question, is it as safe to just put an empty index.php file in the image folder like setting it to 0773?

Thanks in advance

7:06 am on Oct 4, 2007 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



- i'm not sure that putting an empty index.php is going to do anything useful for you.

- setting the user permission to 3 makes it unusable as a directory by the non-owner/group since it is not readable.
it should be either a 5 for a readable directory or a 7 for a read/write directory.

2:34 pm on Oct 6, 2007 (gmt 0)

10+ Year Member



Turn off indexes for the directory and don't worry about perms.

Options -Indexes

Sean

4:34 pm on Oct 6, 2007 (gmt 0)

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 5+ Year Member



OK, back up - we are talking about two different kinds of security here.

An empty index.html will serve web browsers an empty page. (Presuming your server is set to use index.html as a default page.) This will prevent browsers from seeing an index of your files, which they might if you had no default page.

However, the other method mentioned above is better for this purpose.

Unix/Linux file permission are used to control access to files by other users logged-in to a shell. If you are on a shared server, you need to use file permissions to prevent other customers of the hosting service from seeing or altering your files.

If you are on a dedicated server or a VPS, which you control exclusively, file permissions are less important - you probably have no other shell users.

However, you probably should still concern yourself with file permissions, as you may from time to time have others (employees, consultants) working on your machine, and may wish to make access available on a "need to know" basis. As well, careful use of file permissions can help control any successful break-in or exploit to your site that gives an attacker control of a non-root account.

[edited by: jtara at 4:34 pm (utc) on Oct. 6, 2007]

4:34 pm on Oct 6, 2007 (gmt 0)

10+ Year Member



where to turn it off?
4:51 pm on Oct 6, 2007 (gmt 0)

10+ Year Member



Thanks, am having VPS so it sounds like its not a problem as there are no other user/employees working on my site.

Thanks again!

 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month