Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security Settings on configure.php


simrealitystudios

Recommended Posts

I just installed osCommerce, deleted the install folder, but am still left with this warning:

 

Warning: I am able to write to the configuration file: /customers/********.com/********.com/httpd.www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

How do I remedy this? Thanks

Link to comment
Share on other sites

yeah, it needs to be writable for the install, but after that no writing is necessary except for you. so you need to change the permissions on it. probably both catalog/includes/configure.php and catalog/admin/includes/configure.php

 

depending on your host and such, how you change it might vary. you probably want it set to 644, 6 means read/write for owner, 4 for read group, and 4 read world. So only the 'owner' of the file can write, everyone else can only read.

Link to comment
Share on other sites

yeah, it needs to be writable for the install, but after that no writing is necessary except for you. so you need to change the permissions on it. probably both catalog/includes/configure.php and catalog/admin/includes/configure.php

 

depending on your host and such, how you change it might vary. you probably want it set to 644, 6 means read/write for owner, 4 for read group, and 4 read world. So only the 'owner' of the file can write, everyone else can only read.

Both are already set to 644 yet I still get the warning. Any ideas?

Link to comment
Share on other sites

Some hosts require 444, or even 400.

 

Jack

Just take it out of the code so it doesn't display an error anymore. I don't know off the top of my head where it is, but I have found it. I would only do this if you can't change the permissions on the configure.php file. But it is easy to do, you just need to track down where it is. An easy way would be to find the english file with the text, make an error in it like put ' when you are not supposed to. Then run the program, see where it points you when the error comes up. It should point you the english file you tampered with AND to the other file that displays the warning message.

 

Ben Taylor

My Store: TradRack.com

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...