[Wylug-discuss] 777 access on an images directory

Mike Goodman mike.goodman at zen.co.uk
Mon Oct 15 19:34:33 BST 2007


Mike Goodman wrote:
> Phil Driscoll wrote:
> 
>> In the context we are discussing, the execute bit of the file 
>> permissions does not matter a jot. If the webserver is configured to 
>> process files ending in .php through the PHP interpreter, it will do 
>> so regardless of the execute bit setting in the permissions of the 
>> individual PHP file.
> 
> Ahhhh. That is much clearer. Thanks, Phil.
>> Cheers
> 
> Oh, well. There goes tonight's sleep. :-( :-)
> Think I'll read the Apache manual to stop that happening.
> 
> M
> 
> 
I just had a look in the Zen Cart docs folder, looking for something 
else, and re-read the file important_site_security_recommendations.html.
Here's a snippet from under the heading Protect your "images" and other 
folders:
> During initial installation, you are advised to set your images folder to read/write, so that you can use the Admin interface to upload product/category images without having to use FTP for each one. Similar recommendations are made to other files for various reasons.
> 
> However, leaving the images (or any other) folder in read/write mode means that hackers might be able to put malicious files in this (or other) folder(s) and thus create access points from which to attempt nasty exploits.
> 
> Thus, once your site is built and your images have been created/loaded, you should drop the security down from read/write to read. ie: change from CHMOD 777 down to 644.

When I checked, I had done that. So I can sleep soundly again ;-)
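
An added example, not part of the original message or the Zen Cart documentation: a shell audit that applies both points from the thread to an upload folder, flagging world-writable entries and flagging PHP files by name whatever their execute bit. The function names, the constructed sample tree and the list of extensions the server is assumed to pass to PHP are illustrative.

```shell
#!/bin/sh
# Added example; audit_images_dir and make_sample_tree are hypothetical names.
# Reports two kinds of finding in an upload directory such as "images":
#   WORLD-WRITABLE  entries with the "other" write bit set (what mode 777 grants)
#   SCRIPT          files a web server would pass to PHP by name; the execute
#                   bit is not consulted, so a 644 file is reported as well
# Assumption: the server maps .php, .phpN and .phtml to PHP; adjust to your config.

audit_images_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(
        find "$dir" ! -type l -perm -0002 | sed 's/^/WORLD-WRITABLE /'
        find "$dir" -type f \( -name '*.[pP][hH][pP]' \
            -o -name '*.[pP][hH][pP][0-9]' \
            -o -name '*.[pP][hH][tT][mM][lL]' \) | sed 's/^/SCRIPT /'
    )
    [ -z "$findings" ] && return 0      # nothing to report
    printf '%s\n' "$findings"
    return 1                            # non-zero so cron or CI can alert
}

# Constructed sample tree: a 777 directory holding one image and one
# PHP file that has no execute bit set.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/images"
    : > "$t/images/product.jpg"
    : > "$t/images/upload.php"
    chmod 644 "$t/images/product.jpg" "$t/images/upload.php"
    chmod 777 "$t/images"
    echo "$t"
}

sample=$(make_sample_tree)
audit_images_dir "$sample/images" || echo "status $?: findings listed above"
# Tighten: 755 on the directory (it needs its search bit to be served from),
# and remove the stray script.
chmod 755 "$sample/images" && rm -f "$sample/images/upload.php"
audit_images_dir "$sample/images" && echo "clean after tightening"
rm -rf "$sample"
```
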


