14.9. Securing Files on Your Web Server

File security plays an integral part in web security. If your server grants overly lenient permissions on files such as scripts, you open yourself up to a wide range of attacks. This includes HTML files and CGI scripts.

Files located in standard web directories are typically assigned permissions of 744 (again, for more information on permissions, see Chapter 4), which gives the everyone user (unauthenticated web visitors are assigned to the everyone group) read-only access for HTML files. One exception to this would be files that have to be rewritten and updated by a script. In that case, apply the 766 permission level to both the directory and the file, but only after making sure that there ...
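An added example, not from the book: a POSIX shell function that lists everything under a web root carrying the world-write bit (as mode 766 does) unless it appears on an allowlist of files that scripts are meant to rewrite. The function names, the allowlist format and the sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_webroot DIR [ALLOWLIST]
# Prints each file or directory under DIR that anyone can write to
# (the "other" write bit, set by mode 766) and that is NOT listed in
# ALLOWLIST. ALLOWLIST holds one path per line, relative to DIR.
# With no ALLOWLIST, every world-writable entry is reported.
audit_webroot() {
    root=$1
    allow=${2:-/dev/null}
    # Make the allowlist path absolute, because we cd into the web root.
    case $allow in
        /*) ;;
        *)  allow=$PWD/$allow ;;
    esac
    (
        cd "$root" || exit 2
        # -perm -002 matches any mode with the world-write bit set.
        find . \( -type f -o -type d \) -perm -002 -print |
        sed 's|^\./||' |
        while IFS= read -r path; do
            # -F fixed string, -x whole line: exact path match only.
            grep -Fxq -- "$path" "$allow" || printf '%s\n' "$path"
        done
    )
}

# make_sample_tree: builds a constructed web root for trying the audit.
# index.html is 744 (the baseline); data/ and data/counter.txt are 766
# because a script rewrites them; upload.cgi is 766 by mistake.
# Prints the temporary directory that holds site/ and allow.txt.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/site" "$t/site/data"
    : > "$t/site/index.html"
    : > "$t/site/upload.cgi"
    : > "$t/site/data/counter.txt"
    chmod 744 "$t/site/index.html"
    chmod 766 "$t/site/upload.cgi" "$t/site/data/counter.txt"
    chmod 766 "$t/site/data"
    printf 'data\ndata/counter.txt\n' > "$t/allow.txt"
    printf '%s\n' "$t"
}
```

Run `audit_webroot /path/to/webroot allow.txt` on a schedule and treat any output as a permission change to review.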
