File permissions and security -


in cms, have php script opens .htm file writing - fopen('footer.htm', 'w+'). works file permissions set 666 on footer.htm, doesn't work if set 664.

am leaving file open abuse or hacking setting public permission 'write'?

i using apache virtual server.

that depends.

to modify file, attacker must able execute kind of code on server, e.g. have shell access. if case, permission smallest problem.

if on shared hosting environment (other customers don't know use webserver) these other users possibly can change file too, if provider did not setup security right , know path.

it not considered best practice set 666 permissions. of these kind of attacks happen on webserver, restriscting permission not solve problem, server needs have write access.

so can do: change mode 664 , change group of webserver running in - other users may still have write access using webserver.

what should do: ensure no malicious code written file. if find code i'm confident find persistant cross-site scripting vulnerability.


Comments

Post a Comment

Popular posts from this blog

How to mention the localhost in android -

i trying call localhost in android application. unfortunately not possible used several methods emulator local host http://10.0.2.2/android/dbconnection.php and network ip address http://192.168.1.xx/android/dbconnection.php also http://localhost:8080/android/dbconnection.php but nothing connected localhost. purpose refer stackoverflow answers not working i facing same problem when worked on localhost. referred stackoverflow answer got solution create new emulator works fine in new emulator.
Read more

php - Calling a template part from a post -

i include iframe within post in wordpress. located inside content of post, meaning cannot in post template file, otherwise either before or after. i'd add facebook plugin within posts: <div id="socialwrap"><div class="fb-like" data-href="http://onlinearizonahomes.info" data-send="true" data-width="450" data-show-faces="true" data-font="arial"></div></div> i thinking of calling template part within post <?php get_template_part( 'social' ); ?> cannot use php within post without plugin (i'd avoid using plugin this). an alternative using javascript create html in post, seems unnecessary use of javascript. what best way add html within wordpress post? you can use shortcode. add functions.php function cudjex_fbshare( $atts, $content = null ) { global $post; $link = get_permalink($post->id); return '<div id="socialwrap...
Read more

c# - String.format() DateTime With Arabic culture -

check below code snippet, namespace testdateconvertion { class program { static void main(string[] args) { datetime testvalue = new datetime(2013, 12, 15, 15, 33, 44); cultureinfo culture = new cultureinfo("ar-sa"); string stringvalue = string.format(culture, "{0:d} {0:hh:mm:ss}", testvalue); console.writeline(stringvalue); console.readline(); } } } it gives output 22/02/35 15:33:44 i not getting how possible. whats 35 doing in output there that's 13/12/2015 in hijri, 35 means 1435 in hijri, default date format saudi arabia.
Read more