Re: [PHP] File Permissions?
- Date: Wed, 16 Aug 2017 12:10:09 -0400
- From: Adam Jon Richardson <adamjonr@xxxxxxxxx>
- Subject: Re: [PHP] File Permissions?
On Wed, Aug 16, 2017 at 12:02 PM, Tedd Sperling <tedd@xxxxxxxxxxxx> wrote:
> We had an incident happen at the college where I teach — the IT guy said:
> > After further inquiry, it appears a bad guy used a php vulnerability
> injection over http to enter into a folder on CITW. This was made
> possible because the permissions were misconfigured (execute was set to 755
> instead of normal 644).
> My understanding of permissions is that 755 is normally thought of as
> secure — is that not true?
755 is typical for directories, but 644 for files.
That said, I often even reduce the permissions beyond 644 in production