matryer / goblueprints

Source code for Go Programming Blueprints

Chapter 3: Insecure file permissions on user upload #78

Open mtlynch opened 2 years ago

mtlynch commented 2 years ago

Chapter 3 applies a bitmask of 0777 to user uploads.

https://github.com/matryer/goblueprints/blob/aae50b4b30fa6dfd73e3c411b3bfe1972294be61/chapter3/chat/upload.go#L24

Worse, the book includes this advice to readers:

The 0777 value specifies that the new file we create should have complete file permissions, which is a good default setting if you're not sure what other permissions should be set.

This is an insecure practice, as applications should almost never give execute permissions to a user upload.

In this case, the user is uploading image files, which don't need execute permissions. A more sensible bitmask would be 0664 (rw-rw-r--).
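The mode suggested in this issue, as an added example that is not code from the book or the goblueprints repository: it writes an upload without execute bits and clears those bits on files already stored with 0777. The helper names `saveUpload` and `stripExecBits` are hypothetical, and the upload directory is whatever path is passed on the command line.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

const uploadMode fs.FileMode = 0664 // rw-rw-r--; the process umask may clear more bits

// saveUpload (hypothetical helper) creates a new file with no execute bits.
// O_EXCL refuses an existing path, because an existing file would keep its old mode.
func saveUpload(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, uploadMode)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

// stripExecBits (hypothetical helper) clears x bits on regular files under dir, returning changed paths.
func stripExecBits(dir string) ([]string, error) {
	var fixed []string
	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // propagate walk errors; skip directories and special files
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if perm := info.Mode().Perm(); perm&0111 != 0 {
			if err := os.Chmod(p, perm&^0111); err != nil {
				return err
			}
			fixed = append(fixed, p)
		}
		return nil
	})
	return fixed, err
}

func main() { // usage: go run . <upload-dir>
	if len(os.Args) == 2 {
		fmt.Println(stripExecBits(os.Args[1]))
	}
}
```

The mode passed to `os.OpenFile` only applies when the file is created, which is why files written earlier with 0777 need the separate cleanup pass.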