OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki

PKP Support

Support forums for the Public Knowledge Project

Skip to content


Software Hosting and Development Services available at PKP Publishing Services

As the developers of Open Journal Systems, Open Conference Systems, Open Harvester Systems, and Open Monograph Press, the PKP team are experts in helping journal managers and conference organizers make the most of their online publishing projects. PKP Publishing Services offers support for:

As a customer of PKP Publishing Services, you will not only receive direct, personalized support from the PKP Development Team, but will be contributing to the ongoing development of the PKP applications. All funds raised by PKP Publishing Services go directly toward enhancing our free, open source software. For more information, please contact us.

The "Public" Folder -- A Security Issue?

Are you responsible for making OCS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, michael, John

Forum rules
What to do if you have a technical problem with OCS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved. Please note that this FAQ is OJS-centric, but most issues are applicable to both platforms.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OCS Conference Support and Discussion subforum; if you have a development question, try the OCS Development subforum.
Post a reply

The "Public" Folder -- A Security Issue?

Postby r2d2 » Tue Oct 13, 2009 2:42 pm

I have a quick question:

What should be the exact CHMOD number for the public folder (666 or 777)?

The reason I am asking this question is that we have used 777 for this folder, and we experienced a hacking attempt called "odmarco attack". The person(s) injected malicious *.php files in to the Public folder because it was wide open due to CHMOD 777. What is the main purpose this folder and what do we lose if we use CHMOD 666 instead?

Jason
r2d2
 
Posts: 32
Joined: Fri Aug 28, 2009 1:36 pm
Top

Re: The "Public" Folder -- A Security Issue?

Postby asmecher » Tue Oct 13, 2009 4:44 pm

Hi Jason,

It's never safe to use 777 permissions (or 666 permissions or anything with a global "write" permission). Different servers will have different configurations, so it's impossible for us to state definitively what permissions to use -- but in general, the account under which your PHP scripts runs should have write access to this directory. It's used to store journal logo images and similar things that are publicly available to readers.

There are lots of threads in the support forum on directory permissions -- I'd suggest reading those for more info.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 5769
Joined: Wed Aug 10, 2005 12:56 pm
Top
Post a reply

Return to OCS Technical Support

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB® Forum Software © phpBB Group