Web Security Best Practices when using SuPHP


Whilst using any shared hosting environment it is important to consider what you are doing when you upload files and make them accessible to the world. If you are familiar with a UNIX system, or you have ever had to manually install a blog or a forum, you may already be familiar with the standard way Linux handles file permissions.

In Linux, permissions on a file or directory are written as three octal digits, for example 600, 644, 700, 755 or 777. The first digit is the permission the owner of the file has on it. The second digit is the permission the file's group has on it, and the third digit is the permission everyone else (the "world") has on it.

The permissions correspond to:

0 = no permissions - you can do nothing with the file, not even read its contents
1 = execute - you can run the file if it is a program or script, or enter a directory. (Under suPHP the PHP interpreter reads your scripts as your user, so this bit is not what makes a .php file run.)
2 = write - you can write to the file
3 = write and execute (2+1)
4 = read - you can read the contents of the file
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read, write and execute (4+2+1)

Common Permissions on Files

777 is the maximum permission you can give a file or directory. It gives everyone else free rein on it: any user on the system can read, write and execute it, because you have granted them those permissions. Guru-host runs suPHP, which refuses to run a PHP file that is writable by group or world, or that sits in a directory that is, so PHP files and folders containing PHP files cannot have these permissions on our systems.

755 gives you (the owner) all permissions, whilst everyone else can read the contents and execute. This is the standard setting for directories and is fine for most PHP files. Under suPHP your scripts run as your own user through the PHP interpreter, so the execute bit on a .php file is not actually required and 644 works just as well.

711 gives you all permissions, whilst everyone else can only execute. On a directory this lets other users pass through it without being able to list its contents. You can set it on a db.php file that holds your database details if you wish; other users cannot read the contents, although 600 is the cleaner choice for a file, since nothing needs the execute bit on it.

600 gives you read and write, whilst everyone else has no access whatsoever. This is the best setting for a configuration file that contains sensitive information such as database usernames and passwords; because suPHP runs your scripts as your own user, PHP can still read the file. It is also recommended to keep such files outside the web-accessible root (outside your public_html directory).

644 gives you read and write, and everybody else read access. This is the setting you would normally give to HTML and image files on your website. Folders are different: a directory needs the execute bit before anyone can enter it, so folders should be 755 rather than 644.

How Do I Change Permissions on my Files and Folders?
If you have an FTP program, most of them have an option to CHMOD files: in some programs you can simply right-click a file or folder and change the permissions that way. If you have shell (SSH) access, the chmod command does the same thing with the octal values listed above.

The simple rule of thumb is don't give more permissions on a file or directory than you need to.
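The check and the fix above, as an added shell example that is not part of the original Guru-host article. It builds a throwaway document root (a constructed sample; all paths are hypothetical) containing the usual mistakes, audits it for the group- or world-writable PHP files and directories that suPHP refuses, applies the recommended baseline (directories 755, ordinary files 644, credential files 600), and checks again. The `*config*.php` pattern used to pick out credential files is an assumed naming convention, not something the article prescribes.

```bash
#!/bin/bash
# Added example, not from the original article. All paths below are
# hypothetical; the sample tree is constructed by make_sample_docroot.

# Exit 0 when no directory or .php file under $1 is writable by group or
# others; otherwise list the offenders on stdout and exit 1.
# suPHP refuses to run a script in either situation.
check_suphp_writable() {
    local docroot offenders
    docroot="$1"
    offenders=$(find "$docroot" \( -type d -o -name '*.php' \) \
                     \( -perm -g=w -o -perm -o=w \) 2>/dev/null)
    if [ -n "$offenders" ]; then
        printf 'suPHP would refuse (group/world-writable):\n%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Print the three-digit octal mode of a path, e.g. 644 (GNU stat, BSD fallback).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Apply the recommended baseline: 755 on directories, 644 on files, then
# 600 on credential files. "*config*.php" is an assumed naming convention;
# adjust it to match your own site.
apply_baseline() {
    local docroot
    docroot="$1"
    find "$docroot" -type d -exec chmod 755 {} +
    find "$docroot" -type f -exec chmod 644 {} +
    find "$docroot" -type f -name '*config*.php' -exec chmod 600 {} +
}

# Constructed sample tree containing the mistakes discussed above.
# Prints the root path so callers can clean it up.
make_sample_docroot() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/public_html/includes"
    printf '<?php echo "hello";\n' > "$root/public_html/index.php"
    printf '<?php $db_pass = "example";\n' > "$root/public_html/includes/config.php"
    printf '<html></html>\n' > "$root/public_html/page.html"
    chmod 777 "$root/public_html/index.php"            # world-writable script
    chmod 777 "$root/public_html/includes"             # world-writable directory
    chmod 644 "$root/public_html/includes/config.php"  # world-readable secrets
    printf '%s\n' "$root"
}

# Walk through: audit, fix, audit again, clean up.
demo() {
    local root
    root=$(make_sample_docroot)
    check_suphp_writable "$root" || echo "-> applying baseline"
    apply_baseline "$root"
    check_suphp_writable "$root" && echo "-> clean: index.php is now $(octal_mode "$root/public_html/index.php"), config.php is $(octal_mode "$root/public_html/includes/config.php")"
    rm -rf "$root"
}

demo
```

Run `check_suphp_writable ~/public_html` on its own to see what suPHP would reject before you touch anything; `apply_baseline` is deliberately blunt (every file becomes 644, every directory 755), so review the offender list first if your site contains files that genuinely need other modes.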

