baraovon Posted January 14, 2010 Share Posted January 14, 2010 after installing the script, it asks to erase the /install folder and change permission on the catalog/includes/configure.php to 444, but why not letit 644? can someone hack my site if I let as 644? but ins't the diferet between 444 and 644 the permission of the owner to write on the file? so how could the hacker be able to write on the file if I am the only with ftp access to my site? I'd be very grateful if someone explain this to me ty vm Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted January 14, 2010 Share Posted January 14, 2010 after installing the script, it asks to erase the /install folder and change permission on the catalog/includes/configure.php to 444, but why not letit 644? can someone hack my site if I let as 644? but ins't the diferet between 444 and 644 the permission of the owner to write on the file? so how could the hacker be able to write on the file if I am the only with ftp access to my site? I'd be very grateful if someone explain this to me ty vm The very best reason I can tell you is that due to the similar filenames and paths, it helps prevent you from overwriting the configure.php file with the wrong one. A little extra thought has to be put into changing the permissions first. Oh, and it keeps someone from running as script suid to you from another location and making that change. And some hosts play better with permissions at 644 rather than 444. Either one is safe enough, generally, but err on the side of safety when able. Just my $2 worth. (inflation, you know) Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
Guest Posted January 14, 2010 Share Posted January 14, 2010 $2 dollars Mark ???? I would have given the same advice for $1.75 :D Chris Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted January 14, 2010 Share Posted January 14, 2010 $2 dollars Mark ???? I would have given the same advice for $1.75 :D Chris Of course. I don't do this for a living. I really don't want to do anything for a living, actually. It's sort of like when I was working my way through college as a mechanic. I made $7 and hour. Top dollar in those days. And I really did not want to be a mechanic in my free time. I wanted to study. I always had friends and relatives wanting me to fix their cars. (BTW, I was a diesel engine mech, not a automotive mech.) The price to fix friends and relatives cars was $15 an hour. Left me with most of my time free to study... Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.