session_save_path folder needs to be 777?

[Falesh]

I've just started using Zend_Session (part of the Zend Framework) and one of the things it requires is for session.save_path to have a value. I created a session folder (outside of my web root :p) and set session_save_path to point to it, but the only way I could get it to work was by setting the folder's permissions to 777. It makes me nervous setting a folder with sensitive data to 777 so I would appreciate it if someone could tell me that this is what it is supposed to be?

Cheers!

[kev woodman]

I don't use the Zend framework but try setting permissions to 660 and see if that works. If not try 770 but if it does you could try removing more permissions until something stops working

[Falesh]

Thanks for the reply,

I'm setting the folder with "session_save_path()", I tried different permissions, 770 & 775, but it only works with 777.

I have however found out about storing sessions in MySQL which looks like it could be a very secure option.

[kev woodman]

If it's outside of your Web root you should be pretty secure anyway - after all unless you are using HTTPS all of your data is being sent across the network unencrypted anyway.

[Falesh]

Quote:

after all unless you are using HTTPS all of your data is being sent across the network unencrypted anyway.

True, I get a bit paranoid about security, especially with something I don't fully understand.

This article got me up and running with MySQL sessions, now that I have it working I might as well use it.

[Administrator]

It wont make any problem even if you set 777 permission for any of the directories inside public_html ( linux ) or htdocs ( windows ). We have some good security settings to prevent anyone from injecting contents inside 777 permission directory. If you are stuck with some technical stuff then its better to get help from one of our system admins from our helpdesk ( http://support.webhosting.uk.com )