Is it dangerous to change the file permissions on a folder on your website to 777?
nope.
Wanna link me to your server?
>>56663594
Security is an interesting beast because some things aren't dangerous alone but when mixed with another mistake become awful security holes.
Changing a folder to be 777 means anyone can write to the folder IF they have some way to tell the server that they want to write to it. So if you only access the server locally (via a keyboard and monitor) and there's no SSH or FTP server running, odds are no one will be able to write files even though the folder says they have permission to.
But if you install an FTP server, many FTP servers have an "anonymous" user enabled by default. The anonymous user has no permissions EXCEPT those granted to "everyone". Meaning someone could then log into your server and start editing and writing files.
You might think "that's not so bad... it's a subdirectory on my web server where I'm temporarily storing uploads -- it's not like they can edit my site". But what if your site has PHP enabled? They could then upload a PHP script and run it, and that would run under the Apache user: not the anonymous user. Now with a cleverly crafted script they can edit your website.
Then you may wonder why someone would even want to edit your website. Well suppose they inject javascript onto the page that starts popping up ads like crazy. They don't care if your SEO rank falls: they just got paid for thousands of ad views.
For BEST security, start with 400 (you can read but not write or execute) and add permissions only as necessary.
As mentioned by >>56663741 it can be a problem mixed with other issues.
A long time ago I had a wordpress install compromised. The way the guy got in was by exploiting an extension to make modifications to the site theme on disk. If that folder hadn't been user-writable, the guy wouldn't have been able to do anything.
>>56663772
>>56663799
haha oh no, did they they take down the server?
>>56663663
here's the ip 127.0.0.1
>>56664198
You are gonna regret that kiddo
lmao nerd faggots
just chmod -R 777 /
poof all problems gone