When it comes to web hosting, security is undoubtedly one of the most popular topics. That is because, more than any other form of technology, websites are especially vulnerable to attacks. The very nature of websites being open to the public makes them highly exposed targets for cyber criminals involved in direct or random attacks.
One of the ways in which attackers can exploit a system is to go after files with liberal permissions. If they can modify a file from the web, it is very easy to cause damage or possibly even take control of the server. By making sure all of your files have the strictest possible permissions, you can avoid this problem altogether. The following are some good file permission practices:
- Know your permission types. On Linux servers, for example, you should know that there are permissions for the file’s owner, the file’s group, and everyone else.
- Completely open permissions are never a good idea. It may be easy to make a file world-writeable and executable (777 in Unix/Linux), but it rarely ends well.
- Good scripts will not expose you. Some free scripts may ask you to make sensitive files world-writeable in order for them to work properly. The developers of the scripts are obviously not security-conscious, and you should be concerned.
- Test your permissions. You can use the basic web browser test to see if your file is accessible from the web, and you can also do more advanced website vulnerability tests.
When it comes to file permissions, less is more. Only the person who needs to access a file should have access to it, and only the person who manages it should be able to make changes to it.
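One way to check a web root for the overly open permissions described above, as an added example that is not part of the original article. It assumes a Unix-like host; the file names and modes in `build_sample` are constructed for illustration.

```python
import os
import stat
import tempfile

def describe(mode):
    """Split a mode into the three classes: owner, group, everyone else."""
    perms = stat.filemode(mode)[1:]           # e.g. 'rw-r--r--'
    return {"owner": perms[0:3], "group": perms[3:6], "other": perms[6:9]}

def audit(root):
    """Return (relative path, octal mode, reason) for entries anyone can modify."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)               # lstat: never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                      # a link's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            if not mode & stat.S_IWOTH:       # "other" write bit is clear: fine
                continue
            if stat.S_ISDIR(st.st_mode):
                reason = "world-writable directory"
            elif mode & 0o111:                # any execute bit set
                reason = "world-writable and executable file"
            else:
                reason = "world-writable file"
            rel = os.path.relpath(path, root)
            findings.append((rel, format(mode, "03o"), reason))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; names and modes are illustrative only."""
    layout = {"index.php": 0o644, "config.php": 0o666,
              "upload.cgi": 0o777, "private.key": 0o600}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)                  # chmod sets the exact mode, ignoring umask
    cache = os.path.join(root, "cache")
    os.mkdir(cache)
    os.chmod(cache, 0o777)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:
        build_sample(webroot)
        for rel, mode, reason in audit(webroot):
            print(f"{mode}  {rel}  ({reason})")
```

Point `audit()` at a real document root to get the same report; an empty result means no file or directory under it can be modified by every account on the server.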