security concern with 777
« on: July 12, 2010, 10:30:26 PM »
I was reading a post here on the dangers of 777 permissions : http://dionysopoulos.me/blog/777-the-number-of-the-beast

This has gotten me concerned about the data folder permissions set to 777.  Can a dev/admin please speak to this point and are there any plans to change the code to allow for a more secure folder setting?

Thanks,
Corina
Re: security concern with 777
« Reply #1 on: July 13, 2010, 11:27:25 AM »
Hello,

there is an .htaccess file included in data/ folder with "deny from all" directive, so all requests to that folder are blocked and it is used as logs storage only.
Oleg Ignatiuk
www.xml-sitemaps.com
Send me a Private Message

For maximum exposure and traffic for your web site check out our additional SEO Services.
Re: security concern with 777
« Reply #2 on: July 13, 2010, 03:49:35 PM »
Ahh.  Thanks. That makes sense.