security concern with 777
« on: July 12, 2010, 10:30:26 PM »
I was reading a post here on the dangers of 777 permissions : [ External links are visible to forum administrators only ]

This has gotten me concerned about the data folder permissions set to 777.  Can a dev/admin please speak to this point and are there any plans to change the code to allow for a more secure folder setting?

Thanks,
Corina
Re: security concern with 777
« Reply #1 on: July 13, 2010, 11:27:25 AM »
Hello,

there is an .htaccess file included in data/ folder with "deny from all" directive, so all requests to that folder are blocked and it is used as logs storage only.
Re: security concern with 777
« Reply #2 on: July 13, 2010, 03:49:35 PM »
Ahh.  Thanks. That makes sense.