Web lists-archives.com

Re: [PHP] File Permissions?

On Wed, Aug 16, 2017 at 12:02 PM, Tedd Sperling <tedd@xxxxxxxxxxxx> wrote:
> We had an incident happen at the college where I teach — the IT guy said:
> > After further inquiry, it appears a bad guy used a php vulnerability
> injection over http to enter into a folder on CITW.   This was made
> possible because the permissions were misconfigured (execute was set to 755
> instead of normal 644).
> My understanding of permissions is that 755 is normally thought of as
> secure — is that not true?

755 is typical for directories, but 644 for files.


That said, I often even reduce the permissions beyond 644 in production