68 users online (0 members and 68 guests)  


  Results 1 to 6 of 6

Related

  1. Replies: 1
  2. html file upload hel;p    Forum: HTML Forum
    Replies: 0
  3. CHMOD Problem    Forum: HTML Forum
    Replies: 2
  4. mov file into the html    Forum: HTML Forum
    Replies: 10
  5. chmod html file to 666 risks ?    Forum: CGI Perl Forum
    Replies: 1
  1. #1
    tcuk's Avatar
    New User

    Status
    Offline
    Join Date
    Nov 2002
    Posts
    4

    chmod html file to 666 risks ? again!!

    I posted this earlier and it was "closed" by an admin. His answer didnt make any sense at all and certainly did not answer my question so I must ask the question again.

    What are the risks of chmod'ing an html web page to 666 ?

    I know this makes the file writeable by all - but can someone actually change the page without having access to the file directly ?

    I have an editor script which allows me to edit my web pages - the script is protected by a password so you cant use the editor unless you have been authorised but any html files I want to edit must be set to 666 ...

    What are the risks ? Could someone delete / change the content of my web page ?

  2. #2
    tcuk's Avatar
    New User

    Status
    Offline
    Join Date
    Nov 2002
    Posts
    4
    Although my post above seems to me very well explained, I will try and explain in a more simple way....

    If I set an HTML file to "world writeable" (i.e chmod 666) - could someone make changes to this file without my authority ?

  3. #3
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    How are people going to be able to access your file unless they have your password and userID to access your web host server?

  4. #4
    QuietDean's Avatar
    Administrator

    Status
    Offline
    Join Date
    Oct 2000
    Location
    Bournemouth, UK
    Posts
    2,662
    The risk is this -

    In theory , anyone with a shell/login to the webhost via telnet or at the console will be able to write to your file if they have access to your web directory. No-one without FTP access will be able to change things from the web, its only people with access to the server you need to worry about.

    I run a few scripts with permissions set this way, unless someone is really out to get you, you have no problems.
    If one of our members helps you, please click the icon to add to their reputation!
    No support via email or private message - use the forums!
    Before you ask, have you Searched?

  5. #5
    tcuk's Avatar
    New User

    Status
    Offline
    Join Date
    Nov 2002
    Posts
    4
    Flame removed

    users from the web couldnt do anything but users of the server with FTP / shell access could.

    What about telnet to port 80 ? since the files are world writeable - will someone who telnets to port 80 be able to do anything ?

    I have an inclination that there are restrictions in place - its a linux box. I suppose the way to test is to telnet to port 80and see what I can do.

    Thanks again for your help.
    Last edited by HTML; 11-18-2002 at 02:23 PM.

  6. #6
    QuietDean's Avatar
    Administrator

    Status
    Offline
    Join Date
    Oct 2000
    Location
    Bournemouth, UK
    Posts
    2,662
    port 80 is the http port. You can't telnet it.

    An advanced hacker would probably be able to get to your files, but the same could be said for any of us. The question is, would they even try? You should be pretty secure.
    If one of our members helps you, please click the icon to add to their reputation!
    No support via email or private message - use the forums!
    Before you ask, have you Searched?



Tags for this Thread