Remulon Posted February 26, 2009 Share Posted February 26, 2009 Dandelion: I am in the same boat as you. I know that when I insatalled my version of MS2.2 I was asked to chmod 777 those same folders. Eww and Vger: You guys say the solution is simple.. move! What if I have multiple installations on multiple domains for multiple clients? Not so simple now is it? Other than moving, does anyone have a real solution? I realise it probably has to do with PHP creating files owned by "nobody". But how can we change this? Those of you who have your folder permissions set to 755, who is the owner of files created by PHP? For example your Admin uploaded images? How can I change this setting for PHP? Remo Link to comment Share on other sites More sharing options...
germ Posted February 26, 2009 Share Posted February 26, 2009 Read the last post here: click me If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Remulon Posted February 26, 2009 Share Posted February 26, 2009 regarding Cooch's post on Jun 21 2008 on page 2 of this thread: Cooch put forward a method of CHMOD'ing the directory to 777 (via ftp) you are uploading to before the upload, and then CHMOD'ing the directory back to 755 after the upload and he proposed that it be done in the admin/categories.php file. I got it to work as Cooch intended, however, I am interested in actually adding this functionality to the admin/includes/classes/upload.php class but I have a few questions first. Does anyone know if this method is safe? Can this file then be used by hackers to CHMOD other directories for their benefit? Are there any other security holes that might be opened up by this method? Does anyone know if this has already been done? Thanks R Link to comment Share on other sites More sharing options...
germ Posted February 26, 2009 Share Posted February 26, 2009 If a hacker came along when the folder was at 777 permissions (while you were in the middle of doing whatever it was you were doing) you'd still get hacked, so no it's not totally "safe". :( If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Remulon Posted February 27, 2009 Share Posted February 27, 2009 Thanks germ, Yeah, I do see that there would be a small window there for hackers. I guess a simple way would be to use the .htaccess file that was proposed here Link to comment Share on other sites More sharing options...
germ Posted February 27, 2009 Share Posted February 27, 2009 If it makes you feel any better I actually tested it and it did stop a PHP file from running, so I assume it would work just as well on the other types of scripts it disallows. ;) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.