jasoncpp
asked on
Security of web files chmod
Hi,
I am using a web host that supports php and mysql. In one of the files is a php script that accesses my database, the password is embedded in the script. Using CHMOD, what is the correct file permissions to have for this file. I have owner - rwx, group x and other x, is this correct - 711? I do not want the server side code to be read by anyone, so the web host company suggested 444, which I am unsure about. Can anyone please clarify?
Thanks
I am using a web host that supports php and mysql. In one of the files is a php script that accesses my database, the password is embedded in the script. Using CHMOD, what is the correct file permissions to have for this file. I have owner - rwx, group x and other x, is this correct - 711? I do not want the server side code to be read by anyone, so the web host company suggested 444, which I am unsure about. Can anyone please clarify?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As an owner of the file, you can do chmod anytime to make it writeable to yourself.
But 444 give you more protection since hackers can fake themselves to your UID and
overwrite your webpage though ftp or php if that page is writeable for owner.
But they can not do "chmod" since they didn't login. (Well, advanced hackers can
penetrate the system...). So 444 is protecting you from the ftp and php/cgi.