Of course, a sometimes serious drawback to having the scripts create the directories and files is that, if you need to access/move files manually, you may not be able to. I struggled with this issue for quite a while, until I hit upon the idea
of setting my data files to 666, the directory to 711, and putting both in a place inaccessable to the web. Since the cgi script runs on the server, but many of the security risks are reduced by placing the world-writable files in a
in reply to Re: Yet Another Security Question
in thread Yet Another Security Question
Just my 2¢
Use of this advanced computing technology does not imply an endorsement
of Western industrial civilization.