I want to create a PHP script that users can upload an image (logo) into some directory.... well anyways long story short...

the only way that I seem to be able to create this upload script is by setting the images folder to chmod 777

is there any drawbacks to having a folder on the internet with those permission settings?

Recommended Answers

All 2 Replies

CHMOD 777 means anyone with a user account on the server can read, write, or execute any file within the folder. I would not do this if this is a shared server, because any other user account could edit the files. I am not sure what security concerns are involved with this as far as hacking into the server goes.

Well, as Dani said anyone with an account could write to the machine, this doesn't only limit it to users, web scripts also have access to 'an account' via the anonymous web user, which could cause several security concerns.

If you are running a php script, it is highly recommended that you leave no folder 777 except /tmp. Even then you want to be sure that the /tmp directory is on it's own partition, and is mounted with the no-exec flag to prevent people from running malicious programs such as IRC Bots, or worse rootkits, on your machine.

There are litterally hundreds of reasons why you would not keep the directory 777, however I'll leave it at the reasons mentioned for now.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.