If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
security issue  XML
Forum Index » Support Forum
Author Message
Anonymous



Yes I agree, the poll and guestbook scripts found on this site are some of the best around, but what's up with all the public readable, writeable and executable directories? Chmod 777 creates very serious security issues; some other user that has access to telnet or ssh to your server might be able to change your poll data, see your mysql settings, or store files in your directories.

The way I solve this issue is by setting the group of the files that I don't want other people to see to the largest group in the server. (This might not work for some people). Then I set permission of those files to 705, 715 or 745, so the largest group of the users on the server can't write the files
Auron
Expert
[Avatar]

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline

Thats what I think as well no matter how many times you tell people they never listen. Most people have the problem they can't write to the template files. Thats coz you got to chmod ALL of them. That means every file and folder that comes with advance poll, hence in the readme after it shows the first one it has '...' at the end.

Auron

Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
[Email] [WWW]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum