First of all, I understand why the directories that hold the photos have 777 permissions - to allow users to upload the photos.
However, I got several emails from our hosts saying something like this:
Quote:
While looking through your account I was able to locate 24,195 files and
folders set to permission 777 and 107,020 files and folders set to permission
666. This as you may well know is a fairly serious problem.
http://www.redhat.com/docs/manuals/l...-chmodnum.html
"Beware 666 and 777
Biblical implications aside, setting permissions to
666 or 777 will allow everyone to read and write to a file or directory. Such
settings as these could allow tampering with sensitive files, so in general,
it's not a good idea to allow these settings."
They are referring to the directories and files under the /data/ folder.
Also I found that my index.html page was hacked. With so many folders under /data/, I am a little worried.
I am not knowledgeable about this. But I would like to bring this up for discussion and hear some feedback from the PhotoPost team on their view of this permission security concern.
Thank you!
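
The counts in the host's e-mail can be reproduced from a shell on the account. The script below is an added example, not part of the original post and not PhotoPost or host code; the function names are hypothetical and the directory to audit (for instance the /data/ folder) is passed as an argument.

```bash
#!/usr/bin/env bash
# Added example: audit a tree for the permission modes named in the host's e-mail.
# Function names are illustrative; the directory to scan is supplied by the caller.

# _count: count NUL-terminated paths on stdin (safe for names with newlines).
_count() { tr -dc '\000' | wc -c | tr -d ' '; }

# count_mode DIR MODE: files and directories whose mode is exactly MODE.
# Symlinks are skipped; their own mode bits carry no meaning on Linux.
count_mode() {
    find "$1" \( -type f -o -type d \) -perm "$2" -print0 2>/dev/null | _count
}

# count_world_writable DIR: anything writable by "other", whatever the
# remaining bits are (777 and 666, but also 757, 646, 1777, ...).
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print0 2>/dev/null | _count
}

# count_ww_dirs_no_sticky DIR: world-writable directories without the sticky
# bit, where any local user can also rename or delete other users' files.
count_ww_dirs_no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print0 2>/dev/null | _count
}

# audit_report DIR: summary in the same terms the host used.
audit_report() {
    echo "Tree:                               $1"
    echo "Mode 777 (files and folders):       $(count_mode "$1" 777)"
    echo "Mode 666 (files and folders):       $(count_mode "$1" 666)"
    echo "World-writable, any mode:           $(count_world_writable "$1")"
    echo "World-writable dirs, no sticky bit: $(count_ww_dirs_no_sticky "$1")"
}

# Run the report only when a directory is given, e.g.: ./audit.sh ./data
if [ "$#" -gt 0 ]; then
    audit_report "$1"
fi
```

Running it before and after any permission change shows whether the numbers the host reported have actually gone down.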