guyzys
Posted May 30, 2007

I've decided to start fresh on a hosted online server. After installing I encounter these 2 security issues:

1. I'm still receiving this message: "Warning: I am able to write to the configuration file: ***/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file." I tried changing the permissions to both 644 and 444, yet I still get this message.

2. I have set the ../catalog/admin/ folder as protected (.htaccess) and set a user name and password. Where should I be prompted for the credentials, since it seems like I can easily go into the admin panel without entering anything.

web-project
Posted May 30, 2007

> 1. I'm still receiving this message: "Warning: I am able to write to the configuration file: ***/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file." I tried changing the permissions to both 644 and 444, yet I still get this message.

Some PHP configurations on webhosts for some reason ignore the permission (chmod) mask. In this case you need to edit the following file: /shop/public_html/includes/header.php

find:

```php
// check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {
  if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
    $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
  }
}
```

change to:

```php
/*
// check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {
  if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
    $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
  }
}*/
```

> 2. I have set the ../catalog/admin/ folder as protected (.htaccess) and set a user name and password. Where should I be prompted for the credentials, since it seems like I can easily go into the admin panel without entering anything.

If you set it up correctly, every time you go to www.domain-name.com/shop/admin it will prompt you to enter a username & password.

Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here! 8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.
Before installing a contribution or editing/updating/deleting any files, do a full backup; it will save you & everyone here on the forum time fixing your issues. Any issues with oscommerce, I am here to help you.
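
A diagnostic for the persistent warning discussed in this thread, as an added example that is not part of the original posts or of osCommerce: it reports what PHP itself sees for configure.php (mode bits, owner, the PHP process's effective UID, and the same writability test the header check performs), so the cause can be found instead of the check being hidden. The file path and the function name `diagnose_config` are assumptions.

```php
<?php
// Added diagnostic, not osCommerce code. Assumes it is run from the catalog
// directory (command line, or uploaded temporarily and deleted afterwards).
$config = __DIR__ . '/includes/configure.php';   // assumed location

function diagnose_config($path)
{
    clearstatcache(true, $path);                 // drop cached stat() results
    if (!file_exists($path)) {
        return array('error' => "not found: $path");
    }
    $mode  = fileperms($path) & 0777;            // permission bits only
    $owner = fileowner($path);
    // posix_geteuid() needs the posix extension; null when it is unavailable
    $euid  = function_exists('posix_geteuid') ? posix_geteuid() : null;

    return array(
        'mode'             => sprintf('%04o', $mode),
        'owner_uid'        => $owner,
        'php_euid'         => $euid,
        // PHP running as the file's owner can always chmod the file back
        'php_owns_file'    => $euid !== null && $euid === $owner,
        'group_or_world_w' => ($mode & 0022) !== 0,
        // is_writeable() in the header check is an alias of is_writable()
        'is_writable'      => is_writable($path),
        // a writable directory lets the file be deleted and recreated
        'dir_writable'     => is_writable(dirname($path)),
    );
}

$report = diagnose_config($config);
foreach ($report as $key => $value) {
    printf("%-17s %s\n", $key, var_export($value, true));
}

// If PHP still sees the file as writable, apply 0444 from PHP itself and
// re-test: this shows whether the mode set over FTP ever reached the file.
if (!isset($report['error']) && $report['is_writable']) {
    if (@chmod($config, 0444)) {
        clearstatcache(true, $config);
        printf("after chmod 0444: is_writable=%s\n",
            var_export(is_writable($config), true));
    } else {
        echo "chmod from PHP failed: PHP does not own the file\n";
    }
}
```

If `is_writable` stays true after the chmod, the host is not enforcing the mode bits for the PHP user, and that is a question for the hosting provider.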
This topic is now archived and is closed to further replies.