I am using php on Linux / Apache server. I have Three type of directories like as
|_ Writeale Directory
|_ PHP Files
|_ Image Files
Writeable Directory would used only by PHP to writing some txt, images...
PHP Files excuted by server and return HTML codes
Image Files Directories contains only images like as jpeg gif swf ....
Which permisions needed for each directory? What is default permission for directory (created by FTP or PHP)? My server Default value is 755. Is it secure?
Has permissions any effect on server performance?
Answer
A very general overview:
- directories where users (i.e. PHP) can write data should lie outside your httpd documentroot.
- directories that hold content apache should read require world read access, and not much else, i.e. 0755 is more than sufficient.
Directories require eXecute access; files should NOT have execute permissions.
No, not PHP files either. - The default permissions are determined by the umask set for the user apache runs as.
- uploaded files should be examined and verified before being made available for download.
Depending on the country you are in, you can be liable if you allow people to upload viruses and distribute them for download.
No comments:
Post a Comment