Hello all,
I did a considerable search of the forum and didn't find an answer so I'll ask it here. For clarity's sake I'll state that I know just enough about Unix to be Dangerous (I'm an old Clipper, VO, ASM programmer from the 80's.)
I would like to install PHP driven CMS program to my webserver (iPowerWeb hosted) called SnippetMaster (
http://www.snippetmaster.com/) to allow my business partner the ability to modify webpages without messing up the core file templates (I use includes for dynamic content) but one of the requirements of SnippetMaster is that I must chmod 666 or 777
ALL of the files in ../public_html directory that I want my partner to be able to modify. It doesn't require that I chmod 777 the directory it self.
They (
http://www.snippetmaster.com/) openly claim and challenge anyone to prove them wrong that chmod'ing files with 777 in the public html directory is safe as long as my server is secure, they claim that only a person who can
"log on" to my server and
who has access to my root directory can overwrite an existing .shtml or .html file (such as index.shtml) or overwrite an existing PHP script with a potentially hazardous one and execute it. I don't believe this, I have a very strong feeling that this is patently wrong but after Googling for the last 2 hours I have found answers that both support and discourage this practice so I thought I'd ask the experts.
1) Is chmod'ing "files" in ../public_html to 777 or 666 a safe practice?
2) Can files be over written by people surfing the web (exmp: and simply using composer to edit then save the file back to the server?)
Please explain how this works if it is in fact a safe practice...
Your help would be greatly appreciated.
Best regards,
Gary