Guest Posted April 22, 2006 Posted April 22, 2006 Hi, I have this message on my admin site: You are not protected by a secure SSL connection. Is this the reason why i have this message on my web site? : Warning: I am able to write to the configuration file: /customers/vicla.net/vicla.net/httpd.www/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. How do i fix this? Please instruct me step by step. This is my first time dealing with web sites. BR Victoriap
glamourfish Posted April 22, 2006 Posted April 22, 2006 Maybe you need to get something like a secure certificate - not 100% sure....I'm still getting to that part myself! if at first you do succeed...try not to look surprised!
stevel Posted April 22, 2006 Posted April 22, 2006 The first message is likely because you used a http (not https) URL to open the admin page. However, I have found that on some web hosts, the test the admin page makes to display that message is not reliable. I would ignore it and instead rely on the browser telling me if the page was secure or not. By the way, I recommend setting the value of HTTP_SERVER in the admin's includes/configure.php to be the https URL base so that all admin pages are accessed by https. This of course assumes that you have an https URL you can use - either through installing your own certificate, if your host allows, or using your host's shared SSL URL. The second message is telling you to change the protection of configure.php (there are two of them, similar but not identical), to something that does not allow writes by a script. 400 is the protection I use, but this can vary by host. See my Protection of Configuration contribution (link below) for a handy add-on to make protecting and unprotecting the configure.php files easy. Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description
rmahawaii Posted April 22, 2006 Posted April 22, 2006 Maybe you need to get something like a secure certificate - not 100% sure....I'm still getting to that part myself! my site car-gym.com is hosted on Yahoo. It provides a Shared SSL Cert. Yahoo said the only way to use SSL is to put the files into \SSL directory. I have tried to copy the entired \Admin folder into this \SSL directory and amended the configure.php properly. However, when I enter into the admin site, https://s.hostingprod.com/@car-gym.com/admin.index.php, it saids: You don't have permission to access this URL on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Anyone can help with this problem? Thanks in advance.
AlanR Posted April 22, 2006 Posted April 22, 2006 Better you bail on Yahoo but go ahead and read this: http://www.oscommerce.com/forums/index.php?sho...50entry745350 Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.