Dan Brown wrote:
>>3. Directory ownership - Who should be the owner of this directory?
>>www or root:shared? Why?
>>
>
> The question also applies to files contained in the directory. I'm
> really not sure. I'm still inclined to say www:www, but Darrell has
> pointed out that this would allow a malicious PHP script (or,
> presumably, a malicious CGI) to overwrite any files with that
> ownership. Maybe if the files aren't owner-writable?
hmmmm....
>>4. Access right? - chmod ? 755 should be ok?
>>
>
> For the directory; and for the files 644 (though wrt the above,
> maybe 444 would be better).
444 makes it global read... some files will need to be written to...
Will have to read the install file of the app.
Regards
Brandon Friedman
Cell:083 408 7840
E-mail: [EMAIL PROTECTED]
www.bfconsult.co.za
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
