Writable Files and Directories Standard

Purpose:

This standard defines Web Services practice with respect to writable files and directories on web servers.

Brief Description:

To prevent malicious and unwanted content from being inserted onto one of our web servers, writing files directly to the web server is prohibited.

Details:

Writing files to the web server is prohibited. There are multiple database solutions available that should meet most needs for dynamic content.

“If a non-privileged or anonymous user possesses the ability to write to disk on a web server, a serious security breach is usually not far off.” [1]

Universities are by default targets, and bright people like new challenges. Errant code could easily allow any file or even a full website to be overwritten, hijacked, or defaced.

Additionally, clustering is now a part of many of our environments. It is critical that no file writing take place, as it causes data integrity issues as well as replication corruption. To maintain consistency across all platforms, file writing is prohibited.

[1] Hacking Exposed Windows Server 2003, Joel Scambray, Stuart McClure