Why leaving folders 777 ?

[Mohamed Esmat Farag]

Dear all,

I am new to this CMS, and hope you can help me.

I have a question about leaving all these folders open to the world, unlike some other CMSs that make them not writable after installation finished:

this is what the instructions here say:
http://www.prestashop.com/en/start_helper

While you have your FTP connected to your Web hosting server, make sure the following PrestaShop folders have ‘write’ permissions (also known as “CHMOD 777” – explanation of file permissions here) but do not apply these permissions recursively (to their subfolders): /config, /upload, /download, /tools/smarty/compile. Then make sure the following folders have ‘write’ permissions and apply these permissions recursively (to their subfolders): /img, /mails, /modules, /themes/prestashop/lang, /translations

Thank you for your explanation and help

[Mohamed Esmat Farag]

Should we leave all those folders open "for Editing!" to the world?
I think 777 here means: they can rename/delete/etc. right?

[Mohamed Esmat Farag]

well.. this is the 1st time in my 'installation' life with CMSs I don't see post-installation instructions on 'closing' files and directories by making them either 775 or 755 or 666, as I remember.

Even never saw once "777" !! Only 775 .. or 755 to get installation script work, then change to 666 / 664

I just did so, trusting it is a "more secured" system than OSCommerce. Which never left anything 777.

Is there anyone here from the development team to answer?

[kenza750]

I'm interested in this issue too. Someone's got an answer?

[bonbontamura]

me too. maybe someone from prestateam would so kindly to explain us?

[indus]

Mine is set at 755 , and they work damn good .

Strange that for a software popular like prestashop there is no proper security documentation.Alteast i didnt find it.

Final words :Only a fool will leave permissions at 777.Make it 755 after installation is over.Some files like htaacess or robots.txt are 644 .That is also important.

That prestashop wiki really needs to be updated with steps on securing the site once installation is over.

[bonbontamura]

Mine is set at 755 , and they work damn good .

Strange that for a software popular like prestashop there is no proper security documentation.Alteast i didnt find it.

Final words :Only a fool will leave permissions at 777.Make it 755 after installation is over.Some files like htaacess or robots.txt are 644 .That is also important.

That prestashop wiki really needs to be updated with steps on securing the site once installation is over.

are you sure? did you check that all your modules work properly?

[indus]

Mine is set at 755 , and they work damn good .

Strange that for a software popular like prestashop there is no proper security documentation.Alteast i didnt find it.

Final words :Only a fool will leave permissions at 777.Make it 755 after installation is over.Some files like htaacess or robots.txt are 644 .That is also important.

That prestashop wiki really needs to be updated with steps on securing the site once installation is over.

are you sure? did you check that all your modules work properly?

Not only do they work, the newer modules i install from the admin interface also work just fine.