
osCommerce

Security Issues After Installation


guyzys

I've decided to start fresh on a hosted online server.

After installing I encounter these 2 security issues:

1. I'm still receiving this message: "Warning: I am able to write to the configuration file: ***/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

I tried changing the permissions to both 644 and 444, yet I still get this message.

2. I have set the ../catalog/admin/ folder as protected (.htaccess) and set a user name and password. Where should I be prompted for the credentials, since it seems like I can easily go into the admin panel without entering anything.


1. I'm still receiving this message: "Warning: I am able to write to the configuration file: ***/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

I tried changing the permissions to both 644 and 444, yet I still get this message.

Some PHP configurations on web hosts for some reason ignore the permission (chmod) mask; in this case you need to edit the following file: /shop/public_html/includes/header.php

Find:

// check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {
  if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
    $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
  }
}

Change to:

/* // check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {
  if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
    $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
  }
}*/

2. I have set the ../catalog/admin/ folder as protected (.htaccess) and set a user name and password. Where should I be prompted for the credentials, since it seems like I can easily go into the admin panel without entering anything.

If you set it up correctly, every time you go to www.domain-name.com/shop/admin it will prompt you to enter a username & password.

Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing a contribution or editing/updating/deleting any files, do a full backup; it will save you & everyone here on the forum time fixing your issues.

Any issues with oscommerce, I am here to help you.
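
For the first question in this thread, an added example (not part of the original posts and not osCommerce code): a shell check that reads the real mode and owner of configure.php on the server and reports whether the account PHP runs as can still write to it. The function names and the PHP-user argument are assumptions for illustration; a mode of 644 still reports as writable when PHP runs as the file's owner.

```bash
#!/bin/sh
# Added example: inspect the real mode and owner of configure.php on the server.
# Function names and the PHP-user argument are illustrative assumptions.
# Only mode bits are examined; root bypasses them and ACLs are not considered.

# Print the 10-character permission string, e.g. "-rw-r--r--".
file_perms() {
    ls -ld -- "$1" | cut -c1-10
}

# Print the owning user name (or numeric uid) of a file.
file_owner() {
    ls -ld -- "$1" | awk '{print $3}'
}

# config_write_risk FILE PHP_USER
# Prints one of: missing | world-writable | owner-writable | group-writable | ok
config_write_risk() {
    file=$1
    php_user=$2
    [ -e "$file" ] || { echo "missing"; return 0; }

    perms=$(file_perms "$file")
    owner=$(file_owner "$file")
    owner_w=$(printf '%s' "$perms" | cut -c3)
    group_w=$(printf '%s' "$perms" | cut -c6)
    world_w=$(printf '%s' "$perms" | cut -c9)

    if [ "$world_w" = "w" ]; then
        echo "world-writable"    # every local account can modify the file
    elif [ "$owner_w" = "w" ] && [ "$owner" = "$php_user" ]; then
        echo "owner-writable"    # e.g. 644 when PHP runs as the file owner
    elif [ "$group_w" = "w" ]; then
        echo "group-writable"    # check whether PHP's user is in the file's group
    else
        echo "ok"
    fi
}

# Usage (path and user are placeholders):
#   config_write_risk /path/to/catalog/includes/configure.php PHP_USER
```

Run it on the server itself after changing permissions, so the result reflects the mode that was actually applied rather than what the FTP client or control panel displayed.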


Archived

This topic is now archived and is closed to further replies.
