Hi, I know that World-Writeable directories are a security issue and that it is recommended to not have any... but some scripts require them (eg. for a cache directory). From the information that I have read and found regarding this issue, World-Writeable directories are only a security issue due to anonymous FTP users. So my question is this : If anonymous FTP has been disallowed on the entire server, then there should be no security problem with World-Writeable directories... is that correct? Thanks!
A more secure method is to make those directories owned by the same user running the web server. On Linux systems, it would be something like "apache", "www-data" or "httpd". chown www-data /path/to/directory chmod 700 /path/to/directory Code (markup):