Chmod 777

[kirpi]

I've head and read many times that chmod 777 is just like giving the server key to any hacker passing by.
As a newbie, I now ask: are you sure I have to set 777 for a couple of directories?

Luigi

[phpfreechat]

You have two solutions:
1. use the auto-extractible setup, then you don't need to give writting right to your webserver because it will unzip the files itself.
2. upload the unziped files on your webserver : you must then give writting rights (chmod 777) on the data/public and data/private directories.

Anyway, don't worry, "chmod 777" on data/public and data/private directories will not alter your webserver security.

regards,

[Munk]

actually, depending on what user your webserver runs as, you can get away with either 775 (this is what i'm doing) or 755, if the webserver process user owns the directories.

realistically, any directory that is both writeable and is not excluded from running scripts (perl,PHP, whatever) via httpd.conf is a security risk. The easiest way to solve that is just to exclude your /data dir from the directories allowed to execute scripts, so if someone did manage to upload a malicious script, the webserver would just treat it as a textfile and display it as plaintext rather than executing it.