I know this topic is done to death, but I can't find a clear answer to my specific question. I have a PHP script that creates files on my server, for which I need directory permissions 757.
My question: Is this still a security issue even if I do not allow users to upload files to my site? That is, can hackers do this completely on their own?
If so, I need advice on work-arounds, none of which I can get to work. I've tried:
1) .htaccess "deny from all" - my script no longer writes
2) chmod to 757, create & write to file, chmod back to 755 - I get chmod error "Operation not permitted"
3) chown to change user group permissions for write access - not even close to figuring out how to do it.
4) put the directory above root dir - haven't tried; does it really solve the problem?
Suggestions?
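
An added example, not part of the original post, that checks the two things the question turns on: whether a directory's other-write bit is set (as it is with mode 757), and whether the current user owns the directory, since chmod succeeds only for the owner or root. The function names and the scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one directory's mode bits and ownership.
# The scratch paths below are constructed for the demonstration.

# Succeeds (exit 0) if the "other" write bit is set on the directory,
# which is the case for modes such as 757 or 777.
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]
}

# Succeeds if the current effective user owns the directory.
# chmod(2) is permitted only for the owner or root; any other caller
# gets "Operation not permitted" (EPERM).
owned_by_me() {
    [ -O "$1" ]
}

# Print a one-line verdict for a directory.
audit_dir() {
    dir=$1
    if is_world_writable "$dir"; then
        ww="world-writable"
    else
        ww="not world-writable"
    fi
    if owned_by_me "$dir"; then
        own="owned by current user (chmod allowed)"
    else
        own="owned by another user (chmod fails with EPERM)"
    fi
    printf '%s: %s; %s\n' "$dir" "$ww" "$own"
}

# Demonstration on a constructed scratch directory.
demo=$(mktemp -d)
mkdir "$demo/out"
chmod 757 "$demo/out"; audit_dir "$demo/out"
chmod 755 "$demo/out"; audit_dir "$demo/out"
rm -rf "$demo"
```

Run it as the account the web server uses to see the result the script itself would get.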