1
In the Cake documentation, it indicates there you should only have this folder visible to everyone. How can you do that? This protects my application’s code from being tampered with?
1 answer
2
webroot
The briefcase webroot automatically visible to all.
If you watch us .htaccess from Cakephp, you’ll see that in the end everything is redirected to.
And as you must surely know, if you access for example:
You will have the return of the file quietly, IE: everyone has direct access.
permissions
Now, as for permissions, I usually know the following:
- 770 =
app/tmp - 770 = uploads folder
- 660 = the rest of the files
To add these permissions do the following:
chmod -R 660 /var/www/pasta_do_seu_site/
chmod -R 770 /var/www/pasta_do_seu_site/app/tmp/
chmod -R 770 /var/www/pasta_do_seu_site/app/webroot/uploads/
Change /var/www/pasta_do_seu_site/, by the correct directory of your server/machine.
chmodis the command responsible for applying permissions on Linux-Rmeans recursively
If on the server you only have access to Cpanel, there is the possibility to go to Folder explorer/Navigator and set the permissions of each folder manually and/or recursively.
Be absolutely sure of the folder that you reported to have no problems.
In general it means that:
tmpanduploadsneed to have permission to write, read and execute- The rest of the files need only read and write
- In both cases, only the server user and/or belonging to its group can do so. Any other user cannot.
I believe that’s it.
Any questions leave a comment.
Browser other questions tagged cakephp security-guard
You are not signed in. Login or sign up in order to post.
How can I add these permissions?
– SunT
I edited the answer.
– Patrick Maciel