osCommerce

Making files writable and unwritable


seCret steVe

Another idea that would be great: for the files that need to be writable and not writable, there should be a button right next to the button that says update or edit. It should say "make writable", and if the file is writable the button should say "make unwritable". This would save time from running back and forth to the server and doing things like that. It will also save lots and lots of time for those that do a lot of editing to their files.

Steve

That is something that I would recommend doing on a testing server.

And you do not need to run about anywhere if you have a decent FTP program.

DO NOT try altering file permissions on a LIVE ecommerce website.

You are asking for trouble. Namely, if you forget to set the permission back correctly, you are in real trouble.

Get a test server, run all your upgrades, tests, implementation, hacks etc... from a test bed perspective.

Also - I don't see how you will gain server access via a file on your website. You need to be able to log in to your server directly to be able to alter the permissions, you can't do that from a file on your site, even if it is in admin.

And if you can, or have, done this then it is not wise.

What if a hacker gets into your admin section, he could basically take over your server... The problems with this are endless.

CC.

Personally I feel having the file manager in a live environment is not wise at all. Why risk trouble if you have SSH & FTP access?

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Indeed another very good point.

Hopefully if permissions are set correctly, even if someone does get in you can block them to a certain degree.

But that is a security risk all of its own.

CC.

> What if a hacker gets into your admin section, he could basically take over your server... The problems with this are endless.

I think you're toast :onfire: regardless if someone finds access to the administration tool with or without a file manager.

:heart:, osCommerce

> I think you're toast :onfire: regardless if someone finds access to the administration tool with or without a file manager.

True, but they cannot 'take over' the server as easily without the filemanager/languagemanager. It's the write-access bit that scares me.

Defacing a site is nasty for the owners but is easily repaired. Having your server "owned" is a disaster (espec. on e-commerce boxes) that can take quite some time to discover.

IMHO the web-based admin is a necessary evil anyway. :twisted:

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

> True, but they cannot 'take over' the server as easily without the filemanager/languagemanager. It's the write-access bit that scares me.
>
> Defacing a site is nasty for the owners but is easily repaired. Having your server "owned" is a disaster (espec. on e-commerce boxes) that can take quite some time to discover.

Sorry to bring you in a nightmare, but I'd be more worried about the database backup manager than the file manager :eh:

A little deeper, the database backup restoration part :wow:

:heart:, osCommerce

Now you made me cry Harald.

I never thought of that.... :oops:

<START INSOMNIA>

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Archived

This topic is now archived and is closed to further replies.
