security - Linux SECURE WEB FILES:preferred file privileges for web files/directories -


what web (what html, shtml, css, js, pl, py, php , included php files) file permission highest security permission can give above files (where 755, 644) , directories(in localhost e.g.:www,www/css, home/gregor/.silly/.idonotwanttonamethatdirpasswordsbutthatsit)?

can remove -x 600 privileges on subdir .silly? know must not on www or www/css , suppose can not remove -x 600 on subsubdir .idonotwanttonamethatdirpasswordsbutthatsit?

is there difference if php file included in file , not called anytime directly? can set privileges in such files -x 644 or must 755 too?

is more secure put .passwords in out of web dir mean localhost path in 1 hidden sub dir or same if put in localhost/.ha/.whateversubdirpassword?

what privileges system check if can display/execute file when smbd computer accesses via net index.php or index.html? (and matter if server needs process file? mean .php ...) or put in group user belong - anonymous users have group id, lets "1111"? thanks, gregor slovenia


Comments

Post a Comment

Popular posts from this blog

javascript - Bootstrap Popover: iOS Safari strange behaviour -

i looking through twitter bootstrap documentation, , i'm interested in implementing dismissible popover when button clicked. here example bootstrap's docs: http://getbootstrap.com/javascript/#dismiss-on-next-click when press "dismissible popover" button os x safari browser works fine. when access same link above ios safari, button not work. is, popover not dismissed on click. why button not working ios safari? the example linked using data-trigger="focus" attribute. try changing data-trigger="click" . <a tabindex="0" class="btn btn-lg btn-danger" role="button" data-toggle="popover" data-trigger="click" title="dismissible popover" data-content="and here's amazing content. it's engaging. right?">dismissible popover</a>
Read more

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get...
Read more

session - Logging Out Using PHP -

i have seen other programs regarding can't seem make work. doing wrong? want achieve after user logged out, going previous pages become restricted. i have 3 php files: 1. sample.php - main page username , password filled in 2. successful.php - user's page after logging in 3. logout.php - destorys session hinder user access pages after logging out sample.php </html> <form action="" method="post"> <table> <tr> <td>username:</td> <td>password:</td> </tr> <tr> <td><input type="text" name="username"></td> <td><input type="password" name="password"></td> </tr> <tr> <td><input type="submit" value="submit" name="submit"></td> </tr> </table> </form> </html> <?php $servername = "localhost"; $username = ...
Read more