Floob Posted September 19, 2002 Share Posted September 19, 2002 .. edit live files (php) directly using the web admin module. The mainpage hack does just that, but for the mainpage.php only. I want to do the same thing, but for any page I specify - is there such a hack? It would make updates so much quicker. Cheers, Floob. Link to comment Share on other sites More sharing options...
burt Posted September 19, 2002 Share Posted September 19, 2002 CHMOD every file 777 and use the "file manager" found in Admin > Tools. When done, CHMOD back to 755 HTH Link to comment Share on other sites More sharing options...
Floob Posted September 19, 2002 Author Share Posted September 19, 2002 Hi, Thanks for that - it looks pretty good. And comes as standard! Can you explain what the security risk is (how it is exploited) of having the files on 777 Cheers, Floob. Link to comment Share on other sites More sharing options...
mattice Posted September 19, 2002 Share Posted September 19, 2002 Hi,Thanks for that - it looks pretty good. And comes as standard! Can you explain what the security risk is (how it is exploited) of having the files on 777 Cheers, Floob. There are many exploits. Having files on chmod 777 means ANYBODY is allowed to write to that file. If you are on a shared server another client could go into your homedir and write to the file without problems. URL manipulation can be used for remote attackers. They write a script in that file and call it in their browser so it gets executed. People with sloppy permissions ask for trouble :P People with web based filemanagers too, or at least that's what I think. Get SSH or TELNET access to your server and use that instead if you can. Mattice "Politics is the art of preventing people from taking part in affairs which properly concern them" Link to comment Share on other sites More sharing options...
CC Posted September 19, 2002 Share Posted September 19, 2002 Floob wrote: Can you explain what the security risk is (how it is exploited) of having the files on 777 In short, if someone with a malicous streak got to your filemanager with all files chmod to 777... You be screwed! :lookround: CC. Link to comment Share on other sites More sharing options...
networkdad Posted December 8, 2002 Share Posted December 8, 2002 I personally prefer using Gossamer's Fileman over the built in filemanager in OSC. Does everything you want from a gui screen, and more. -It's free too. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.