What are the .htaccess permissions that need to be modified by its sister application?

Asked by AmitSinha in Cyber Security, Asked on Feb 3, 2022

The .htaccess in our application has 777 permissions because a sister application needs to write to it. How is htaccess with 777 permissions bad for security? What will be considered a more secure alternative? 

Answered by Andrea Bailey

Yes, XX7 is very bad for security; it gives read, write and execute access to all users and should be avoided unless absolutely necessary. A malicious user could use the .htaccess file to get a malicious or sensitive file to become visible to the web interface. Then, using the web interface user (who may have elevated privileges), the malicious actor could perform actions under that context. If you can get the sister application and the .htaccess file to have the same owner/runner, then 700 should work; otherwise, try to get them into the same group and have 770. Obviously, the more users with write access to a file, the less secure it is.

If some level of access (> 0) is required for .htaccess permissions, consider:

  • 1 (execute)
  • 4 (read)
  • 5 (read and execute)
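
The check and the two alternatives described in the answer, as an added shell example that is not part of the original answer. The function names are hypothetical; the modes 700 and 770 are the ones the answer proposes, and the group passed to `tighten_htaccess` is assumed to be one both applications already belong to.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print who besides the owner can write to FILE:
# world-writable | group-writable | owner-only
htaccess_write_scope() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 2; }
    if [ -n "$(find "$f" -prune -perm -0002)" ]; then
        echo "world-writable"
    elif [ -n "$(find "$f" -prune -perm -0020)" ]; then
        echo "group-writable"
    else
        echo "owner-only"
    fi
}

# Succeed if any "other" bit (read, write or execute) is set on FILE.
htaccess_other_access() {
    [ -n "$(find "$1" -prune \( -perm -0004 -o -perm -0002 -o -perm -0001 \))" ]
}

# Apply the modes from the answer: 770 plus a shared group when GROUP is
# given, 700 when both applications run as the file's owner.
tighten_htaccess() {
    f=$1
    group=${2:-}
    if [ -n "$group" ]; then
        chgrp "$group" "$f" && chmod 770 "$f"
    else
        chmod 700 "$f"
    fi
}

# Report on every path passed on the command line.
for path in "$@"; do
    scope=$(htaccess_write_scope "$path") || true
    echo "$path: $scope"
done
```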


