Textpattern CMS support forum
#37 2008-03-28 16:31:55
- redbot
- Plugin Author
- Registered: 2006-02-14
- Posts: 1,410
Re: Important Security Question
ruud, rloaderro, mary
first of all many thanks for your advice, very appreciated.
Though I understand what ruud says, this time I tend to agree with rloaderro.
They seemed to be quite confident and supportive about this so I tend to trust them (hope I will not regret it).
Considering also that they have a good reputation I think that, at least for now, I’ll stick with them.
And for what concerns rloaderro’s suggestions, thank you, but for now the switch to VPS is completely out of reach both economically and mentally (I’m not so well-versed in server things and I’m overwhelmed by another billion things now, not considering this is not my primary job).
Re: Important Security Question
My host has finally come back and told me that for the php script to write to the folder permissions must be 777 or 666. I’ve asked about the security of this as I know this would mean anyone could write to the folder. Are there shared hosts that are known to have a safe solution to this? I’ve had other problems and I am thinking of moving my 3 sites.
Piwik Dashboard, Google Analytics Dashboard, Minibar, Article Image Colorpicker, Admin Datepicker, Admin Google Map, Admin Colorpicker
Re: Important Security Question
With 666 folder permissions, your folder becomes unusable. You can’t create, delete or even read files in such a folder. In fact, you won’t even be able to determine who owns the files, how big they are and what the permissions are.
I don’t have a recommendation for hosting, since I host all my websites myself.
Re: Important Security Question
Matt_D, check out the Textbook page. Before you sign up with any of them, ask about permissions.
Last edited by jm (2008-03-28 18:34:45)
Re: Important Security Question
Thanks, mine is listed under “Hosts to avoid”. Other than this the only trouble I’ve had from them is slow support. I’ve got 6 months left on my plan (3 of which were free) so I had to leave now. I may need to make do until it’s up.
Re: Important Security Question
I would definitely move. I was hosted through IX for 3 days – everything was a “security risk,” even SFTP (right!), according to support. The cancellation process sucks though – you have to wait for them to call you and pester you about why you want to cancel.
Re: Important Security Question
From my host, who I think I will be ditching soon:
“On our linux servers php is configured with Apache and to be able to write into folders properly using php application you should chmod them to 777 permission mask. You are absolutely right and it’s not the best permissions from the point of security, because anyone can write into this folder if 777 permission mask is set. Unfortunately there is no way to write into directories without 777 permissions set.”
Re: Important Security Question
Matt, which host is that?
Re: Important Security Question
ixwebhosting
The only reason I haven’t left is I’ve already paid for the next 3 months and I have a credit for the 3 months after that. I know what they are saying is BS and it scares me to think that they don’t know what they are talking about.
Last edited by MattD (2008-04-02 17:12:08)
#46 2008-04-03 06:42:35
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Important Security Question
…even SFTP (right!)…
Wha? Yikes.
Re: Important Security Question
I installed LAMP on my ubuntu machine and I have to give the directory 777 permissions to get rid of the warning in diagnostics. How do I fix this?
Re: Important Security Question
Matt, if you’re the only user (I assume this is your own home computer), then the risk is much less compared to when you’re on a shared webhost.
But if you want to change this, you could either configure Apache to run under your own username or use something like suphp or fastcgi to make the PHP scripts run under your username… or you could “chown” all the files to the same user as the one that your webserver currently runs as (often www-data or nobody).
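The permission cases raised in this thread (777, 666, and a directory owned by the account PHP runs as), as an added example that is not part of any forum post. The function names are hypothetical, GNU coreutils `stat` is assumed, and the PHP user is passed as a numeric uid (on a server, for instance `$(id -u www-data)`).

```shell
#!/bin/sh
# Added example: classify a directory's permission bits for a folder PHP must write to.
# Assumes GNU coreutils stat (Linux). Function names are hypothetical.

# classify_mode MODE OWNER_UID PHP_UID -> prints one verdict word
classify_mode() {
    mode=$((0$1))            # parse the octal digits, e.g. 777 -> 0777
    owner=$2
    php_uid=$3
    # Without the owner's search (x) bit the directory cannot be entered:
    # files inside cannot be created, deleted or stat'ed (the 666 case).
    if [ $((mode & 0100)) -eq 0 ]; then
        echo "unusable"
    # o+w set: every account on the machine can write here (the 777 case).
    elif [ $((mode & 0002)) -ne 0 ]; then
        echo "world-writable"
    # Owner-writable and PHP runs as the owner: 755 is enough.
    elif [ $((mode & 0200)) -ne 0 ] && [ "$owner" = "$php_uid" ]; then
        echo "ok"
    else
        echo "not-writable-by-php"
    fi
}

# check_dir DIR PHP_UID -> reads the real mode and owner uid from the filesystem
check_dir() {
    classify_mode "$(stat -c %a "$1")" "$(stat -c %u "$1")" "$2"
}

# Demo on a constructed temporary directory, treating the current user as the PHP user.
demo() {
    d=$(mktemp -d)
    for m in 777 666 755; do
        chmod "$m" "$d"
        printf '%s -> %s\n' "$m" "$(check_dir "$d" "$(id -u)")"
    done
    chmod 700 "$d" && rmdir "$d"
}
demo
```

The check only looks at owner and world bits; group-based write access is not considered.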