
BLU Discuss list archive



[Discuss] file permission execute questions



On Sat, Sep 28, 2013 at 05:38:38PM +0000, Eric Chadbourne wrote:
> Hi All,
> 
> Got a basic question for you.  On web servers I usually set files to
> 644 (-rw-r--r--).  A designer I'm working with keeps leaving files
> (-rw-r--r-x) with the last being execute.  Is this bad?  Why?

Yes. The executable flag means that the file is a script or binary that
a user should be able to execute.

That means that any file which can be overwritten by the web server
via user input is immediately available to execute via some other
vulnerability.

In any case, your designer should never have access to production
systems. They should upload to a configuration management system or a
QA system, and then your ops people should promote the QA-approved files
to production. In very small operations, the QA approval process
looks like this:

Designer: I put the changes you wanted on the QA server.
Client: I looked at them and they seem right to me.

-dsr-
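
An audit for the situation discussed in this thread, as an added example that is not part of the original messages: it lists regular files under a web root that carry any execute bit (such as the 645 case in the question) and separately flags those that are also writable by the web server account. The function names, the demo tree and the use of the current user as a stand-in for the web server account are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a web root for stray execute bits.
# Uses POSIX octal -perm tests so it works with GNU and BSD find.

# list_exec_files ROOT
# Print every regular file under ROOT with any of u+x, g+x or o+x set.
list_exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# list_writable_exec ROOT USER
# Narrow the list to files that USER (the web server account) could also
# overwrite: owned by USER with owner-write set, or world-writable.
list_writable_exec() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        \( \( -user "$2" -perm -200 \) -o -perm -002 \) -print
}

# count_exec_files ROOT
# Number of files reported by list_exec_files (assumes no newlines in names).
count_exec_files() {
    list_exec_files "$1" | wc -l | tr -d ' '
}

# strip_exec_bits ROOT
# Clear execute bits on regular files only; directories keep x for traversal.
strip_exec_bits() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec chmod a-x {} +
}

# Demo on a constructed tree (sample data, removed afterwards).
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/css"
    : > "$root/index.html";   chmod 644 "$root/index.html"    # -rw-r--r--
    : > "$root/css/site.css"; chmod 645 "$root/css/site.css"  # -rw-r--r-x
    echo "files with an execute bit: $(count_exec_files "$root")"
    list_exec_files "$root"
    echo "of those, writable by uid $(id -u):"
    list_writable_exec "$root" "$(id -u)"
    strip_exec_bits "$root"
    echo "after cleanup: $(count_exec_files "$root")"
    rm -rf "$root"
}
demo
```

On a real server, pass the account the web server runs as to `list_writable_exec` instead of the current user.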


