Originally posted by amaru21
Having the directories set to 0777 is a security risk. I have set those Joomla directories to 0777. I then create a simple PHP script within another virtual site on the same server. In that PHP file I can put commands that have full access to those directories. I can delete/create/modify files with no problems. This is a huge security risk if you ask me.
First, you have to know how to do that, second you have to have access to another virtual site on the server.
I have to tell you, that if you have someone else that has access to another virtual site on your server, and they hack a Joomla install (or any other PHP script) on one of your sites, that's very easy to take care of. You simply identify them and have them arrested.
Personally, I have to also add that I have several clients, and resellers on a server I own and control. If I found one of my clients or resellers was attempting to hack/exploit another site on the server that doesn't belong to them, I would not hesitate to file charges.
Now, if this is a matter where you are a reseller on someone else's server that has multiple other resellers, the responsibility falls back to the server owner to prevent this kind of idiotic hacking attempt. It's easily monitored, and quickly tracked back to the point of origin.
If you are renting space on someone else's server and only have one or two domains, you probably shouldn't be interested in attempting to run Joomla.
The latest version of Joomla is far more secure even with folders set to 777 than the application vault install of Mambo.
And Joomla will run if you set those folders back to 555, you just can't install modules, or make certain other changes.
Believe me, I'm very concerned about security, but it's easy to go overboard with Joomla and break it. The new version has a very nice .htaccess file and the ability to turn off register_globals, so a lot of this is no longer a concern.
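
An added example, not part of the original posts: a shell audit that lists the world-writable directories under a web root and resets them to 555, the mode the reply says Joomla still runs with. The function names and the demo tree are constructed for illustration; point the functions at your own document root.

```shell
#!/bin/sh
# Audit a web root for directories any local account can write to (mode o+w),
# which is what 0777 grants on a shared server.

# list_world_writable DIR: print every directory under DIR with the
# "other write" bit set, one per line, sorted.
list_world_writable() {
    find "$1" -type d -perm -0002 -print | sort
}

# count_world_writable DIR: print how many such directories exist.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# lock_down DIR: reset each world-writable directory to 0555.
# Installing extensions from the admin panel will need write access
# restored temporarily, as the post above notes.
lock_down() {
    find "$1" -type d -perm -0002 -exec chmod 0555 {} +
}

# make_demo_tree: build a constructed sample site in a temp dir and
# print its path. Two directories are 0777, one is 0755.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/site/cache" "$root/site/modules" "$root/site/includes"
    chmod 0755 "$root/site" "$root/site/includes"
    chmod 0777 "$root/site/cache" "$root/site/modules"
    printf '%s\n' "$root"
}

# Stand-alone demo: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_demo_tree)
    echo "World-writable before: $(count_world_writable "$tree")"
    list_world_writable "$tree"
    lock_down "$tree"
    echo "World-writable after:  $(count_world_writable "$tree")"
    rm -rf "$tree"
fi
```

Running the listing from cron and comparing it against the previous run shows when a directory has been reopened to 0777.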