I can't believe this discussion is still going on, even though the right
answers have been given right from the start.
Check out what Fro wrote:
<ae**********************************@u72g2000hsf. googlegroups.com>
I made a directory to be writable for "nobody" (i.e.
for those who communicate with the operating system via the php-server
that I use).
<2c**********************************@u69g2000hse. googlegroups.com>
The answer I got:
----------------------------------------------------
Yes, on servers where PHP runs as an Apache module
and .php scripts run under the Apache user nobody
this is possible. This is why setting 777 permissions
is always a concern from a security standpoint.
And the right answer was given by Tim:
<pm********************************@4ax.com>
It's certainly possible, but how would they have found your directory?
@Fro:
Setting 777 permissions is the same as leaving your door unlocked and
putting up a sign saying: "Invitation to everyone: Make yourself at
home! The door is unlocked and the alarm code is 12345." And when you
return home and find that someone has taken up your offer you go: "Who
ate from my plate? Who sat in my chair? Who slept in my bed?" and
complain to the person who built your house.
The real answer is: Don't set 777 permissions. Never ever. Because if
you do you allow your directory to be writable for everyone.
Bye!