Re: [PHP] Security Question, re directory permissions [long answer]

2007-05-22 Thread Daniel Brown
My pleasure, Arno! On 5/22/07, Arno Kuhl <[EMAIL PROTECTED]> wrote: -Original Message- From: Daniel Brown [mailto:[EMAIL PROTECTED] Sent: 18 May 2007 10:27 To: Al Cc: php-general@lists.php.net Subject: Re: [PHP] Security Question, re directory permissions [long answer] On 5

Re: [PHP] Security Question, re directory permissions

2007-05-19 Thread Al
I use Hosting Matters. It is super reliable and solid. itoctopus wrote: I'm genuinely interested to know with whom you're hosting... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Security Question, re directory permissions

2007-05-19 Thread Tijnema
On 5/19/07, itoctopus <[EMAIL PROTECTED]> wrote: I'm genuinely interested to know with whom you're hosting... No problem, it's www.dapx.com, it hasn't a lot security, safe_mode is off for example. If you know the right stuff from another user on the same server, you can actually do some nice st

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread itoctopus
I'm genuinely interested to know with whom you're hosting... -- itoctopus - http://www.itoctopus.com "Tijnema" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On 5/19/07, Al <[EMAIL PROTECTED]> wrote: >> How can anyone, other than the staff, get into my site? Far as I know, >> ot

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Al
I guess your comment "The less secure everything else is." is the best answer. I'm developing a CMS where logged-in, selected users can create new directories and pages in them. I'm comfortable that my code is secure. I'm using php's ftp functions, with good security, to mkdir and create

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Tijnema
On 5/19/07, Al <[EMAIL PROTECTED]> wrote: How can anyone, other than the staff, get into my site? Far as I know, other users can't get out of their own domain space and into mine. That's quite easy, especially when you have SSH access. Of course, it will only work with specific settings, and

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Robert Cummings
On Fri, 2007-05-18 at 20:16 -0400, Al wrote: > How can anyone, other than the staff, get into my site? Far as I know, other > users can't get out of their own domain > space and into mine. Bugs in your code, bugs in third-party code, bugs in PHP itself, sometimes they can be abused to take adva

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Al
How can anyone, other than the staff, get into my site? Far as I know, other users can't get out of their own domain space and into mine. Tijnema wrote: On 5/19/07, Al <[EMAIL PROTECTED]> wrote: But, SSH and telnet, etc. require authentication login-in and all the executables you mentioned [a

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Tijnema
On 5/19/07, Al <[EMAIL PROTECTED]> wrote: But, SSH and telnet, etc. require authentication login-in and all the executables you mentioned [and others] require someone who has access to upload a harmful file to start with. Right? Once they are in there, they can do anything they please anyhow.

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Al
But, SSH and telnet, etc. require authentication login-in and all the executables you mentioned [and others] require someone who has access to upload a harmful file to start with. Right? Once they are in there, they can do anything they please anyhow. Al. Tijnema ! wrote: On 5/18/07,

Re: [PHP] Security Question, re directory permissions [long answer]

2007-05-18 Thread Daniel Brown
On 5/18/07, Al <[EMAIL PROTECTED]> wrote: I'm on a shared Linux host and have been wondering about security and directory "other" ["world"] permissions. The defaults are 755. The 'others' [world] can read them only. Is there a security hole if a dir on the doc root if a directory has permissio

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Tijnema !
On 5/18/07, Al <[EMAIL PROTECTED]> wrote: How can they write or edit files there without having ftp access or the site's file manager? SSH access? Telnet maybe? PHP script? CGI script? ASP script? There are a lot of possible ways someone can write there. Tijnema Tijnema ! wrote: > On 5/18/

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Al
How can they write or edit files there without having ftp access or the site's file manager? Tijnema ! wrote: On 5/18/07, Al <[EMAIL PROTECTED]> wrote: I'm on a shared Linux host and have been wondering about security and directory "other" ["world"] permissions. The defaults are 755. The 'ot

Re: [PHP] Security Question, re directory permissions

2007-05-18 Thread Tijnema !
On 5/18/07, Al <[EMAIL PROTECTED]> wrote: I'm on a shared Linux host and have been wondering about security and directory "other" ["world"] permissions. The defaults are 755. The 'others' [world] can read them only. Is there a security hole if a dir on the doc root if a directory has permissi

[PHP] Security Question, re directory permissions

2007-05-18 Thread Al
I'm on a shared Linux host and have been wondering about security and directory "other" ["world"] permissions. The defaults are 755. The 'others' [world] can read them only. Is there a security hole if a dir on the doc root if a directory has permissions 757? If there is a security problem, w