Author Topic: Is it safe to CHMOD?  (Read 2396 times)


benseth

Is it safe to CHMOD?
« on: May 07, 2007, 11:02:02 pm »

Is it safe to chmod the uploads file to 777?

Recently, I was hacked through a 777 in WordPress, which cost me an extra 20$ and 100$ for my server. I was not aware of this until my webhost notified me; this folder was chmoded 777, which allowed worldwide access. I was wondering if it was safe to make all the album folders 777 in Coppermine, or is that a security risk?

Joachim Müller

Re: Is it safe to CHMOD?
« Reply #1 on: May 08, 2007, 07:56:08 am »

Read "SMF: Why chmod 777 is NOT a security risk". Whether 777 is a security risk or not depends on your webserver setup. If your webhost suggests not applying 777, then you should do so. Ask them what permissions are needed on your webserver to grant the webserver (and subsequently the legitimate scripts on it) write access. Usually, the following rule of thumb applies: try CHMODing 755 - if this works fine, that's great. If it doesn't work as expected, you'll need 777. As suggested: your webhost needs to come up with a final suggestion. Quite frankly though: I would shy away from webhosting that allows the end user to set permissions in an unsecure manner. If 777 is a security risk on your server, then your webhost should take precautions so that you can't CHMOD to 777. That's what my webhost does. That's what all good webhosts do.
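Whether 755 works or 777 is needed, as discussed in Reply #1, comes down to which account the web server's scripts run as relative to the directory's owner and group. The following is an added example, not part of the original thread or of Coppermine's code; the function names are hypothetical and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Requires GNU stat (stat -c).

# min_upload_mode OWNER_UID GROUP_GID PROC_UID "PROC_GIDS"
# Prints the tightest of 755 / 775 / 777 that still lets the process whose
# uid and group ids are given create files in a directory with that owner.
min_upload_mode() {
    owner_uid=$1; group_gid=$2; proc_uid=$3; proc_gids=$4
    # Scripts run as the directory owner (e.g. suEXEC or suPHP setups):
    # the owner bits apply, so 755 is enough.
    if [ "$proc_uid" = "$owner_uid" ]; then
        echo 755; return 0
    fi
    # Otherwise the group bits apply if the process is in the directory's group.
    for gid in $proc_gids; do
        if [ "$gid" = "$group_gid" ]; then
            echo 775; return 0
        fi
    done
    # Neither owner nor group member: only the "other" bits are left.
    echo 777
}

# audit_dir DIR PROC_UID "PROC_GIDS"
# Prints "<verdict> <current mode> <minimum mode>". The verdict is "excess"
# when DIR is world-writable although a tighter mode would still allow
# uploads, and "ok" when there is no unnecessary world-write bit.
audit_dir() {
    dir=$1
    have=$(stat -c %a "$dir")
    need=$(min_upload_mode "$(stat -c %u "$dir")" "$(stat -c %g "$dir")" "$2" "$3")
    other=${have#"${have%?}"}   # last octal digit = permissions for "other"
    if [ $(( $other & 2 )) -ne 0 ] && [ "$need" != 777 ]; then
        echo "excess $have $need"
    else
        echo "ok $have $need"
    fi
}

# Usage on a real gallery (path and account name are placeholders):
#   audit_dir /path/to/albums "$(id -u www-data)" "$(id -G www-data)"
```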