Sara Mcvandi

Reputation: 21

Why is it dangerous to have 777 files?

A dummy question, why is it very dangerous to have 777 files when no one can access them without a host ID, username and a password?

I know it means all the files and directories will be readable, writable and executable by the whole world, but how can people upload files to my server without login credentials?

Upvotes: 0

Views: 2053

Answers (1)

Rahul Mishra

Reputation: 179

With permissions of 777 this means that anyone who is a user on the same server can read, write to and execute the file. In the case of a folder, anyone who is a user will be able to copy files to it. This obviously sounds dangerous if you are using a shared server for your website, which is the case for many personal and small business websites. Normally such servers host thousands of websites, meaning that there are thousands of users. For this reason, the normal safe permissions are considered to be 644 for a file and 755 for a folder. Open folder permissions can make your site vulnerable to cross-site scripting (XSS) attacks. These attacks are usually accomplished through malicious HTML and JavaScript, which could be copied to the open folder by a malicious user. Because JavaScript runs on the web client, disabling scripting in open folders on the web server will do nothing to protect against this type of attack.

Upvotes: 1
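
The 644/755 baseline from the answer above can be checked and restored with `find`. This is an added example, not part of the original post; the function names and the web root path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit a site directory for world-writable entries and
# reset them to 644 (files) / 755 (directories).
# Usage (hypothetical path):
#   list_world_writable /var/www/example && fix_world_writable /var/www/example

# Print every regular file or directory whose "other" write bit is set.
# -perm -0002 matches 777 but also 666, 757, 773 and similar modes.
# Symlinks are skipped: their own mode is not meaningful and chmod
# would follow them to the target.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Number of findings, usable as a pass/fail gate in a deploy script.
# (Counts lines, so names containing newlines would be over-counted.)
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset only the offending entries. Files that legitimately need the
# execute bit (CGI scripts, for example) lose it here and must be
# re-marked by hand afterwards.
fix_world_writable() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}
```

Run the listing first and review it before applying the fix, since an application may depend on a writable upload directory that should instead be owned by the web server's user.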
