Different ways to use a web-based file manager

April 16th, 2010

Shared hosting environments are more vulnerable than dedicated ones. Using a web-based file manager creates even more security issues. At Foliovision we allow SEO Images (our web-based file manager) to access only one directory. The question is then which permissions to set on this directory.

Not using FastCGI with PHP (PHP is running as an Apache extension)

777:

Pros: Files and directories are manageable through FTP and SEO Images simultaneously.

Cons: This directory is even more vulnerable, since any server user is able to write to it.

755:

Pros: Only the Apache user (usually named httpd) is able to write to this directory, which enhances security.

Cons: Files are not manageable through FTP.

If you are using PHP in CGI mode (installed as a CGI binary), you can leave the permissions set to 755, because the CGI application runs as the same user as FTP. Using a web-based file manager that operates through FTP will also solve the permissions issues, but typing the FTP password over and over again is uncomfortable, and storing the FTP password on the server is a great security risk.
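To see which of the cases above a given upload directory falls into, the following added example (not part of the original post or of SEO Images) classifies the directory's write exposure and counts world-writable entries inside it. The function names and the default web user `httpd` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit the single directory a web file manager may write to.

# classify_dir DIR -> world-writable | group-writable | owner-only | missing
classify_dir() {
    [ -d "$1" ] || { echo missing; return 1; }
    if [ -n "$(find "$1" -maxdepth 0 -perm -0002)" ]; then
        echo world-writable   # the 777 case: any server user can write
    elif [ -n "$(find "$1" -maxdepth 0 -perm -0020)" ]; then
        echo group-writable
    else
        echo owner-only       # the 755 case: only the owner can write
    fi
}

# count_world_writable DIR -> entries at or below DIR that any user can modify
count_world_writable() {
    find "$1" ! -type l -perm -0002 -exec printf . \; | wc -c | tr -d ' '
}

# owner_of DIR -> account name that owns DIR
owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# report DIR WEB_USER: WEB_USER is the account PHP runs as (assumption: httpd)
report() {
    state=$(classify_dir "$1") || { echo "$1: not a directory"; return 1; }
    owner=$(owner_of "$1")
    echo "$1: $state, owner=$owner, world-writable entries=$(count_world_writable "$1")"
    case $state in
        world-writable)
            echo "  any server user can write here; FTP and the file manager both work" ;;
        owner-only)
            if [ "$owner" = "$2" ]; then
                echo "  only $2 can write; files are not manageable through FTP"
            else
                echo "  owner is $owner, not $2; uploads work only if PHP runs as $owner (CGI mode)"
            fi ;;
        group-writable)
            echo "  writable by group members of this directory as well as $owner" ;;
    esac
}

# Usage: sh audit.sh /path/to/uploads [web-user]
if [ "$#" -ge 1 ]; then
    report "$1" "${2:-httpd}"
fi
```
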
