GESIOR AAC [Important, for everybody]

[Axelor]

Hello otlanders,

I was wondering,
if someone is using Linux ubuntu, or other linux versions. And they dont use the 777, but the other code, for Only reading!

Than people are still able to hack easy Gesior, or its harder?


Can someone make some explains etc

 

[Cykotitan]

I don't think it really makes a difference, and it wouldn't if there's a bug in the php scripts.

 

[Axelor]

I don't think it really makes a difference, and it wouldn't if there's a bug in the php scripts.

but people hack trough the bad scripts of gesior right?
but if they only read, how they can do anything?
so u have to put 444 on all files
than its kinda more impossible to hack..

 

[Piltrafa]

GesiorACC only can be deleted your htdocs folder, copy them and you have right security.

 

[Axelor]

GesiorACC only can be deleted your htdocs folder, copy them and you have right security.

I dont really understand what u mean..
could u tell me more info

 

[Pietia]

The diffrance is that the hacker will be unable to delete your gesior files if they will be read only for your user.

 

[Cykotitan]

Why would he delete them? If there's a vulnerability or exploit in the script that accepts user input, there isn't much you can do with permissions to prevent SQL injections or XSS.

 

[Pietia]

Why would he delete them? If there's a vulnerability or exploit in the script that accepts user input, there isn't much you can do with permissions to prevent SQL injections or XSS.

that's the diff nothing else it doesn't protect you from hackers in any way.

 

[Axelor]

so making chmod 444 doesnt make any difference?

 

[Pietia]

Not really it's more used to protect hackers from deface your site fe. if your site is under chroot enviorment . So the hacker will not be able to do almost anything even if he will find some leak in your code (except sql injections and maybe some other attacks)...

 

[Cykotitan]

Yeah that'll protect against some PHP code executions.