sweetyjenny Posted January 15, 2007 Share Posted January 15, 2007 Hi. I'm Jenny. I need some help. I just recevie a message after successfully installed the osecommerce. The messages goes : Warning: I am able to write to the configuration file: /home/content/m/i/c/mickng73/html/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. What do I do next? :blink: Then how do you .htacess your /catalog/admin directory so that it is password protected? :blink: Sorry. I know - this is kinda spoon feeding. Link to comment Share on other sites More sharing options...
natewlew Posted January 15, 2007 Share Posted January 15, 2007 You need to change the perrmissions on the /catalog/includes/configure.php to 644 with your ftp client or your hosting company's control panel. 6 Owner (you) can read and write. 4 Group can read 4 Others can read About the .htaccess. Your are going to have to search google for htaccess password protect. It's not to tough. http://www.google.com/search?q=htaccess+password+protect Other great Open Source (Free) programs: (Free as in free speech not free beer) The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS How do I find these programs? Google Search! Link to comment Share on other sites More sharing options...
sweetyjenny Posted January 15, 2007 Author Share Posted January 15, 2007 Thank you very much. Will buy you a cup of coffee L8R in <is not appreciated> :) Link to comment Share on other sites More sharing options...
Guest Posted January 15, 2007 Share Posted January 15, 2007 Hi. I'm Jenny. I need some help. I just recevie a message after successfully installed the osecommerce. The messages goes : Warning: I am able to write to the configuration file: /home/content/m/i/c/mickng73/html/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. What do I do next? :blink: Then how do you .htacess your /catalog/admin directory so that it is password protected? :blink: Sorry. I know - this is kinda spoon feeding. Hi, This is one of my first posts here. In factm I found this somewhere around. Sorry, I dont remeber where. You will need to edit "catalog/includes/header.php" FIND: (around line 20 in vanilla) // check if the configure.php file is writeable if (WARN_CONFIG_WRITEABLE == 'true') { if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) { $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning'); } } REPLACE WITH: // check if the configure.php file is writeable if (WARN_CONFIG_WRITEABLE == 'true') { if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')& 18) ) { $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning'); } } Thank you. John Retail Consultant Dream! till you acheive. Try! till you succeed. Link to comment Share on other sites More sharing options...
sweetyjenny Posted January 15, 2007 Author Share Posted January 15, 2007 ooh..ok. Thank you very much. I think I will buy you dinner at <is not appreciated> cause I went thru all the config.php and its all in 644 and the image is kinda stretch :blink: . Link to comment Share on other sites More sharing options...
par Posted January 15, 2007 Share Posted January 15, 2007 msr9 is simply telling you to modify the source code, that is not a proper solution, since the config file still remains exploitable. I did a chmod 644 configure.php on it and the problem went away. Link to comment Share on other sites More sharing options...
sweetyjenny Posted January 15, 2007 Author Share Posted January 15, 2007 ooh ok. Thanks Par Link to comment Share on other sites More sharing options...
Guest Posted January 15, 2007 Share Posted January 15, 2007 Editing the source still remains the best option if chmod doesnt work. (I am saying this after after several osC installations...) However, if chmod works fine, you wont need to edit anything. My post applies to only those situtations where chmod failed. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.