08-31-2007, 11:27 AM
Libertine
Quote:
Originally Posted by sortie
Ok, please explain how a hacker who cannot get in through SSH or a script or a server port can write to any directory.

I would like to know this.

Didn't the WordPress hacks etc... all involve the script accepting data from an HTML page and then executing it, which is a no-no? They fixed that issue as soon as they realized the mistake.

I'm serious, please explain. I'm not being sarcastic. If you have this information then please share it so people can protect themselves.

It's all about maximum security.

The reason you always set permissions as low as possible is so that, for example, you have some added security against badly written scripts.

Every programmer knows, or should know, that mistakes can and will slip through. By using security at every level, you can prevent those mistakes from becoming disasters.

You use low permissions for the same reason you don't keep unencrypted user passwords in your database: to make sure that if someone manages to slip through, he can do as little as possible.
__________________
/(bb|[^b]{2})/