#11

Whatever is causing the security holes (hardware, software, bad setup etc.) is not important. What is important is to be aware of the risks, and try to minimize them as much as possible. I am not an HTML, security or Apache pro, which makes it even more important to realise that. For me, that's a reason to host my site with a professional hoster instead of from my home. I tested it, it works from my home but I just don't have enough experience to make sure everything is safe.

Pixelpost is excellent software. For me, it blew new life into an old hobby. I just wasn't sure about the folder settings, and my feeling appeared to be correct. Schonhose, thanks a lot for this FTP add-on, it makes me sleep better!

#12

My suggestion for devs (hehe, for myself too) is to add a warning somewhere in the admin panel about the risk of using 777 when there is no limitation on where the scripts can be executed. Making it cleaner - the hoster can limit the environment of a script to the user's account (using one directive in the config files of the web environment), and when there isn't such a solution and the user has got folders with permissions 777, then there should be a warning.

A few of these PHP environment settings are: open_basedir, user_dir, upload_tmp_dir, safe_mode_exec_dir, safe_mode_include_dir
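
The admin-panel warning suggested in post #12, as an added example (not Pixelpost code and not written by either poster). The function names and the demo directory are assumptions made for illustration.

```php
<?php
// Added example: warn about world-writable (e.g. 777) folders, and say so
// more strongly when open_basedir is not confining PHP scripts.

/** True when the "other" write bit is set, as in 0777 or 0757. */
function is_world_writable(int $mode): bool
{
    return ($mode & 0002) !== 0;
}

/**
 * Build warning strings for an admin page.
 * $dirs        directories the application writes to (hypothetical list)
 * $openBasedir value of ini_get('open_basedir'); '' means no restriction
 */
function permission_warnings(array $dirs, string $openBasedir): array
{
    $warnings = [];
    foreach ($dirs as $dir) {
        clearstatcache(true, $dir);
        $perms = is_dir($dir) ? fileperms($dir) : false;
        if ($perms === false) {
            continue; // missing or unreadable: nothing to report here
        }
        $mode = $perms & 0777;
        if (!is_world_writable($mode)) {
            continue;
        }
        $msg = sprintf('%s has permissions %04o (world-writable).', $dir, $mode);
        if ($openBasedir === '') {
            $msg .= ' open_basedir is not set, so PHP scripts on this server'
                  . ' are not confined to their own account directory.';
        }
        $warnings[] = $msg;
    }
    return $warnings;
}

// Constructed demo: a temporary directory set to 0777, then cleaned up.
$demo = sys_get_temp_dir() . '/perm_demo_' . getmypid();
mkdir($demo);
chmod($demo, 0777);
foreach (permission_warnings([$demo], (string) ini_get('open_basedir')) as $w) {
    echo $w, PHP_EOL;
}
rmdir($demo);
```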