Welcome to WebmasterWorld Guest from 54.221.54.252

Forum Moderators: bakedjake

Message Too Old, No Replies

empty index.php Vs CHMOD 0773

Image folder security

     
2:34 pm on Oct 2, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 21, 2004
posts: 418
votes: 0


Hello!

My Server is Apache/PHP

I was setting image folder to 0773 but then i found that i need to use php to read directory image and delete some every some period, so it should be 0777 to be able to do that!

So my question, is it as safe to just put an empty index.php file in the image folder like setting it to 0773?

Thanks in advance

7:06 am on Oct 4, 2007 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10563
votes: 16


- i'm not sure that putting an empty index.php is going to do anything useful for you.

- setting the user permission to 3 makes it unusable as a directory by the non-owner/group since it is not readable.
it should be either a 5 for a readable directory or a 7 for a read/write directory.

2:34 pm on Oct 6, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Dec 30, 2003
posts: 428
votes: 0


Turn off indexes for the directory and don't worry about perms.

Options -Indexes

Sean

4:34 pm on Oct 6, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


OK, back up - we are talking about two different kinds of security here.

An empty index.html will serve web browsers an empty page. (Presuming your server is set to use index.html as a default page.) This will prevent browsers from seeing an index of your files, which they might if you had no default page.

However, the other method mentioned above is better for this purpose.

Unix/Linux file permission are used to control access to files by other users logged-in to a shell. If you are on a shared server, you need to use file permissions to prevent other customers of the hosting service from seeing or altering your files.

If you are on a dedicated server or a VPS, which you control exclusively, file permissions are less important - you probably have no other shell users.

However, you probably should still concern yourself with file permissions, as you may from time to time have others (employees, consultants) working on your machine, and may wish to make access available on a "need to know" basis. As well, careful use of file permissions can help control any successful break-in or exploit to your site that gives an attacker control of a non-root account.

[edited by: jtara at 4:34 pm (utc) on Oct. 6, 2007]

4:34 pm on Oct 6, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 21, 2004
posts: 418
votes: 0


where to turn it off?
4:51 pm on Oct 6, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 21, 2004
posts: 418
votes: 0


Thanks, am having VPS so it sounds like its not a problem as there are no other user/employees working on my site.

Thanks again!