11-18-2002, 12:10 PM #1
chmod html file to 666 risks? again!!
I posted this earlier and it was "closed" by an admin. His answer didn't make any sense at all and certainly did not answer my question, so I must ask the question again.
What are the risks of chmod'ing an html web page to 666?
I know this makes the file writeable by all - but can someone actually change the page without having access to the file directly?
I have an editor script which allows me to edit my web pages - the script is protected by a password so you can't use the editor unless you have been authorised, but any html files I want to edit must be set to 666 ...
What are the risks? Could someone delete / change the content of my web page?
11-18-2002, 12:14 PM #2
Although my post above seems to me very well explained, I will try and explain in a more simple way....
If I set an HTML file to "world writeable" (i.e. chmod 666) - could someone make changes to this file without my authority?
11-18-2002, 01:18 PM #3
How are people going to be able to access your file unless they have your password and userID to access your web host server?
11-18-2002, 01:41 PM #4
The risk is this -
In theory, anyone with a shell/login to the webhost via telnet or at the console will be able to write to your file if they have access to your web directory. No one without FTP access will be able to change things from the web; it's only people with access to the server you need to worry about.
I run a few scripts with permissions set this way; unless someone is really out to get you, you have no problems.
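The local-account exposure discussed in this thread, as an added example that is not part of the original posts: a Python audit that reports which files in a web root any local account could modify. It goes one step beyond the replies by also checking the parent directory, because deleting or replacing a file is controlled by the directory's write bit rather than the file's own mode. The web root and file names are constructed for the demo.

```python
import os
import stat
import tempfile

def audit(root):
    """Return {relative_path: [findings]} for regular files under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.stat(dirpath).st_mode
        # Deleting or replacing a file is governed by the directory's write
        # bit, not the file's; the sticky bit restricts that to the owner.
        dir_open = bool(dmode & stat.S_IWOTH) and not (dmode & stat.S_ISVTX)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            findings = []
            if st.st_mode & stat.S_IWOTH:  # the "other" write bit set by 666
                findings.append("content writable by any local account")
            if dir_open:
                findings.append("deletable/replaceable by any local account")
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report

def demo():
    """Build a constructed web root (hypothetical file names) and audit it."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for name, mode in (("index.html", 0o666),    # the setting asked about
                       ("about.html", 0o644),    # owner-only write
                       ("shared.html", 0o664)):  # owner + group write
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<html></html>\n")
        os.chmod(path, mode)             # chmod sets the mode regardless of umask
    os.chmod(root, 0o755)                # directory itself is not world-writable
    return audit(root)

if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(path, "->", "; ".join(findings))
```

Only `index.html` is reported in the demo; `shared.html` (664) shows the group-writable mode, which limits write access to the owner and members of the file's group.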
11-18-2002, 02:16 PM #5
Users from the web couldn't do anything but users of the server with FTP / shell access could.
What about telnet to port 80? Since the files are world writeable - will someone who telnets to port 80 be able to do anything?
I have an inclination that there are restrictions in place - it's a Linux box. I suppose the way to test is to telnet to port 80 and see what I can do.
Thanks again for your help.
Last edited by HTML; 11-18-2002 at 02:23 PM.
11-18-2002, 02:57 PM #6
Port 80 is the http port. You can't telnet it.
An advanced hacker would probably be able to get to your files, but the same could be said for any of us. The question is, would they even try? You should be pretty secure.