Is setting the uploads folder 777 permission secure?

情书的邮戳 2020-12-19 19:47

I have seen a lot of upload forms hacked, and some had some really good security checks of the file being uploaded (at least I think so), but still somebody managed to uploa

3 answers
  •  庸人自扰
    2020-12-19 20:21

    You don't need and shouldn't have 777 permissions on an upload folder. It should be enough to have it readable and writable only for the user the web server is running as (with Apache/Debian usually www-data). Additionally, you should turn off (e.g. via .htaccess) anything you don't want to happen in this folder, like executing PHP scripts (so even if a user uploads a PHP file, it can't be executed). HTTP PUT doesn't change your 777 problem, because the file will still be there after it has been uploaded.
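
The setup described in the answer above, as an added example that is not part of the original thread: a shell helper that replaces 777 with owner-only permissions and writes an .htaccess that refuses to serve PHP files from the folder. The function names `is_world_writable` and `harden_uploads` and the example path are assumptions; the .htaccess uses Apache 2.4 syntax.

```shell
#!/bin/sh
# Added example: helper names and paths are assumptions, not from the thread.

# Succeeds (exit 0) if the directory itself is world-writable, as with mode 777.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print)" ]
}

# harden_uploads DIR [OWNER]
# OWNER is the account the web server runs as (www-data on Debian/Apache).
# Changing ownership normally requires root, so it is optional here.
harden_uploads() {
    dir=$1
    owner=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # Apache 2.4: refuse to serve script files from this folder, so an
    # uploaded PHP file cannot be requested and executed.
    cat > "$dir/.htaccess" <<'EOF'
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
    Require all denied
</FilesMatch>
EOF

    if [ -n "$owner" ]; then
        chown -R "$owner" "$dir" || return 1
    fi

    # Owner only: rwx on directories (x is needed to enter them), rw on files.
    find "$dir" -type d -exec chmod u=rwx,go= {} + || return 1
    find "$dir" -type f -exec chmod u=rw,go= {} + || return 1
}

# Run as: sh harden_uploads.sh /var/www/example/uploads www-data
[ "$#" -eq 0 ] || harden_uploads "$@"
```

The .htaccess rules only take effect if the server's `AllowOverride` setting permits them for this directory (`AuthConfig` for `Require`).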
