
CHMOD 777 - Is This Hosting Setting Insecure?

New Here, Sep 07, 2009
  • I am looking at using an off-the-shelf script.
  • The script requires CHMOD 777 settings

I read variously that such a setting is insecure.

  1. Is this insecure?
  2. If so, could someone kindly explain how?
  3. If it is insecure, how would such scripts be made secure and still function?

W.

TOPICS
Server side applications
LEGEND, Sep 07, 2009

chmod 777 is the least secure of all web server settings and should be used as little as possible. A value of 7 means "read, write, and execute". The first digit is for the owner of the file, the second for members of the same group (as defined by the server administrator), and the third is for anyone.

Although 777 is the least secure setting, what usually matters more is the level of security built into the script. A badly written script can do far more damage, even if it has more secure chmod settings.

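The owner/group/anyone digits described in the answer above, as an added shell example that is not part of the original thread: it decodes a digit, lists entries whose third digit grants write, and clears only that bit. The function names and the sample tree are constructed for illustration; whether a given script still functions afterwards depends on which user the web server runs as, which the thread does not state.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and file names are constructed.

# Translate one octal permission digit (0-7) into its r/w/x flags.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s\n' "$r" "$w" "$x"
}

# List files and directories under $1 that anyone on the server can write to
# (write bit set in the third digit). Symlinks are not followed.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Remove only the "other" write bit, leaving the owner and group digits alone,
# so 777 becomes 775 and 666 becomes 664.
drop_other_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed install tree that mimics a script unpacked with 777.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/uploads"
    printf '<?php // constructed placeholder\n' > "$t/index.php"
    printf 'constructed config\n' > "$t/config.ini"
    chmod 777 "$t" "$t/uploads" "$t/index.php"
    chmod 644 "$t/config.ini"
    printf '%s\n' "$t"
}

# Demo: show the digits, then audit and tighten the sample tree.
demo() {
    for d in 7 5 4; do printf '%s = %s\n' "$d" "$(digit_to_rwx "$d")"; done
    tree=$(make_sample_tree)
    echo "world-writable before:"; list_world_writable "$tree"
    drop_other_write "$tree"
    echo "world-writable after: $(list_world_writable "$tree" | wc -l | tr -d ' ')"
    rm -rf "$tree"
}
demo
```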
New Here, Sep 08, 2009

Could you give some concrete examples of what you mean when you say that the script may be badly written?

I am looking for some guidance on what to look out for or questions to pose to a script designer to ensure the integrity of the same.

W

LEGEND, Sep 09, 2009

> Could you give some concrete examples of what you mean when you say that the script may be badly written.

PHP security is a vast subject, but the most common error is the use of unfiltered user input. Take a look at the following article: http://www.sitepoint.com/article/php-security-blunders/. You'll also find a lot of information by doing a Google search for "PHP security".

The problem with identifying a badly written script is that it might do everything it's meant to, so you remain unaware of potential security loopholes. Unfortunately, security is a moving target. Many people, including myself, were caught out a few years ago by an exploit called "email header injection". It turns an online form into a spam relay by injecting spurious code into the email field of a form. Although I have warned users of this forum about it for several years, I still see people using scripts that are wide open to such exploits.
