OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



The "Public" Folder -- A Security Issue?

Are you responsible for making OCS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, michael, John

Forum rules
What to do if you have a technical problem with OCS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved. Please note that this FAQ is OJS-centric, but most issues are applicable to both platforms.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OCS Conference Support and Discussion subforum; if you have a development question, try the OCS Development subforum.

The "Public" Folder -- A Security Issue?

Postby r2d2 » Tue Oct 13, 2009 2:42 pm

I have a quick question:

What should be the exact CHMOD number for the public folder (666 or 777)?

The reason I am asking this question is that we have used 777 for this folder, and we experienced a hacking attempt called "odmarco attack". The person(s) injected malicious *.php files in to the Public folder because it was wide open due to CHMOD 777. What is the main purpose this folder and what do we lose if we use CHMOD 666 instead?

Jason
r2d2
 
Posts: 32
Joined: Fri Aug 28, 2009 1:36 pm

Re: The "Public" Folder -- A Security Issue?

Postby asmecher » Tue Oct 13, 2009 4:44 pm

Hi Jason,

It's never safe to use 777 permissions (or 666 permissions or anything with a global "write" permission). Different servers will have different configurations, so it's impossible for us to state definitively what permissions to use -- but in general, the account under which your PHP scripts runs should have write access to this directory. It's used to store journal logo images and similar things that are publicly available to readers.

There are lots of threads in the support forum on directory permissions -- I'd suggest reading those for more info.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8902
Joined: Wed Aug 10, 2005 12:56 pm


Return to OCS Technical Support

Who is online

Users browsing this forum: No registered users and 2 guests