Hi, I have a hosting provider that allows a localhost script to write to any file and folder with ‘644’ permission. As an example, in the coop network, I don’t have to change the ad_network_ads.txt permission to ‘777’; the coop script still works with the ad_network_ads.txt permission set to ‘644’. What are the impacts of this server configuration in terms of security? I want to tell the server owner that maybe he must change the server configuration, but I don’t have an argument for why it should be changed.
If somebody finds a vulnerability in your code (e.g. if you are creating temporary files, etc) or your configuration and creates a new file within your web directory structure, this file can then be requested, executing somebody's evil code on your server. J.D.
I guess I should tell the server owner now. Some of my scripts' permissions also strangely changed from 644 to 000, causing a lot of 404 errors. This is definitely not safe. Thank you.
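To give the server owner something concrete, the following added example (not code from any poster in this thread) audits a web directory for what a given account can write to, which is the condition J.D.'s answer describes, and also reports mode 000 files like those in the follow-up. It assumes the uid and groups of the account the scripts run as are passed in; the function names are made up for this example.

```python
import os
import stat
import sys

def write_class(st, uid, gids):
    """Return the permission class that lets (uid, gids) write, or None.

    Follows the usual Unix order: owner bits if the uid owns the file,
    else group bits, else other bits. Root (uid 0) is not special-cased.
    """
    mode = st.st_mode
    if uid == st.st_uid:
        return "owner" if mode & stat.S_IWUSR else None
    if st.st_gid in gids:
        return "group" if mode & stat.S_IWGRP else None
    return "world" if mode & stat.S_IWOTH else None

def audit(root, uid, gids):
    """Walk root and return (path, octal mode, reason) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in [""] + filenames:  # "" stands for the directory itself
            path = os.path.join(dirpath, name) if name else dirpath
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful
            perms = stat.S_IMODE(st.st_mode)
            kind = "dir" if stat.S_ISDIR(st.st_mode) else "file"
            cls = write_class(st, uid, gids)
            if cls:
                # A 644 file lands here when the script runs as its owner.
                findings.append((path, f"{perms:03o}", f"{kind} writable via {cls} bits"))
            elif perms == 0 and kind == "file":
                findings.append((path, "000", "file has no permissions"))
    return findings

if __name__ == "__main__":
    # Assumption: run as the account the web scripts execute under.
    docroot = sys.argv[1] if len(sys.argv) > 1 else "."
    groups = set(os.getgroups()) | {os.getegid()}
    for path, mode, reason in audit(docroot, os.geteuid(), groups):
        print(f"{mode}  {reason:32}  {path}")
```

A 644 file reported as "writable via owner bits" means the scripts run under the same account that owns the files, so the 644 mode does not protect them from the scripts themselves.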