Shared hosting environments are more vulnerable than dedicated ones. Using a web-based file manager creates even more security issues. At Foliovision we allow SEO Images (our web-based file manager) to access only one directory. The question then is which permissions to set on this directory.
Not using FastCGI for PHP (PHP is running as an Apache extension)
777:

| Pros | Cons |
| --- | --- |
| Files and directories are manageable through FTP and SEO Images simultaneously | This directory is even more vulnerable since any server user is able to write to it |

755:

| Pros | Cons |
| --- | --- |
| Only the Apache user (usually named httpd) is able to write to this directory, which enhances security | Files are not manageable through FTP |

If you are using PHP in CGI mode (installed as a CGI binary), you can leave the permissions set to 755, because the CGI application runs as the same user as FTP. Using a web-based file manager that operates through FTP would also solve the permissions issues, but typing the FTP password over and over again is uncomfortable, and storing the FTP password on the server is a great security risk.
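
To check which of the two trade-offs above a managed directory is actually in, the following added example (not Foliovision's or SEO Images' code) walks the directory and flags world-writable entries as well as entries the web server user does not own. The function name, the script name `audit_perms.py` and the `web_uid` parameter are assumptions made for this illustration.

```python
import os
import stat
import sys

WORLD_WRITABLE = "world-writable (777-style): any server user can write here"
NOT_WEB_OWNED = "no world write and not owned by the web user: PHP as an Apache module cannot write here"


def audit_tree(root, web_uid):
    """Report entries under root that hit either trade-off from the tables above.

    web_uid: numeric uid the web server runs PHP as (caller-supplied assumption).
    Group write access is not evaluated. Returns (path, octal mode, issue) tuples.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Every directory is visited once as dirpath; symlinked dirs are not followed.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((path, oct(mode), WORLD_WRITABLE))
            elif st.st_uid != web_uid:
                findings.append((path, oct(mode), NOT_WEB_OWNED))
    return findings


if __name__ == "__main__":
    # Usage (hypothetical script name): python audit_perms.py /path/to/dir <web-server-uid>
    for path, mode, issue in audit_tree(sys.argv[1], int(sys.argv[2])):
        print(f"{mode}  {path}  {issue}")
```

An empty result means every entry is owned by the web server user and none is world-writable, which is the 755 case from the second table.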