Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Strange warning about uprotected config file


nordgard

Recommended Posts

I suddenly got a strange warning (colored in pink) in the upper part of my webshop window. It is visible to all useres and say:

 

"Warning: I am able to write to the configuration file: /home/mydomain/public_html/shop/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

 

I understand the message, but when I check the permissions on the file it was set to: OWNER-read-write-execute, GROUP:read, WORLD:read

That shouldn't be to any security risk?

 

Even if I removed the read permission to WORLD & GROUP I still have the message in the webshop window.

 

Why did I suddenly get this window, and why doesn't it go away when I remove/limites the problem that it informs me about?

 

I run a rather old version of osCommerce, don't remember the version number.

Config file say: Id: configure.php,v 1.12 2002/06/16 22:11:53 harley_vb Exp

 

PHP version is 4.3.9

 

Rune :'(

Link to comment
Share on other sites

have you added any contributions or made any changes before this happened?

It may also be that the file is not getting updated when you set the permissions.

Try copying the config-file and renaming the old one. Reset the permissions on the new file and test it again.

I had a problem with a file not setting it's permissions, when i did the above it worked. No idea why, but give it a try.

Also add the config file to the end of your browsers address bar and see if you can access it from the web and/or see what it says

 

 

Julian

A little knowledge is dangerous, I SHOULD KNOW.

If Life Begins At 40, What ends????

Link to comment
Share on other sites

I suddenly got a strange warning (colored in pink) in the upper part of my webshop window. It is visible to all useres and say:

 

This is the standard warning when the file catalog/includes/configure.php is writable. The permission for that file must be set to 400. If your site is on a Linux or Unix server, then FTP to the site, find the file, right click on it, select Operations --> FTP Commands--> CHMOD (Unix) and set the file permission to 400 (owner - read only). The warning should then disappear.

 

Vger

Link to comment
Share on other sites

have you added any contributions or made any changes before this happened?

It may also be that the file is not getting updated when you set the permissions.

 

I really don't know, we are more than one person that has admin access to the webshop. But I really guess that nobody exept me does anything more than regular trade issues on the board.

 

Thanx for giving us the advice !

 

Rune :)

Link to comment
Share on other sites

This is the standard warning when the file catalog/includes/configure.php is writable.? The permission for that file must be set to 400.?

 

-snip-snip-

 

Thank You for the advice. It helped. The warning message is now gone.

I still dont know what caused it though. Maybe someone changed something as mentioned earlier in Julian's answer.

 

Anyhow - Thanks to both of You that contributed so quickly. Great help !!

 

Rune :thumbsup:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...