Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Error Message - Security Risk


bradybarrows

Recommended Posts

I have read what to do about this error message:

 

Warning: I am able to write to the configuration file: /kunden/homepages/43/d101564082/htdocs/oscommerce_rosaceans/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

The instructions say:

 

4. Make sure that the permissions on all of the folders are set to 755, and if that does not work then set them to 777. Make sure that the includes/configure.php file and the admin/includes/configure.php file are set to 777 for the duration of the install. Once the install is complete reset to 644, 444, or 400 depending on your server setup.

 

I have gone to both the includes/configure.php file and the admin/includes/configure.php file but don't see anything to change: Here is what both these files show:

 

includes/config.php

 

<?php

/*

$Id: configure.php 1739 2007-12-20 00:52:16Z hpdl $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

 

admin/configure.php

 

<?php

/*

$Id: configure.php 1739 2007-12-20 00:52:16Z hpdl $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2002 osCommerce

 

Released under the GNU General Public License

*/

 

// define our webserver variables

// FS = Filesystem (physical)

// WS = Webserver (virtual)

define('HTTP_SERVER', ''); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', '');

define('HTTPS_CATALOG_SERVER', '');

define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/catalog/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', '');

define('DB_SERVER_USERNAME', 'mysql');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', '');

?>

 

What do I change, where? Thanks.

Link to comment
Share on other sites

I have read what to do about this error message:

 

Warning: I am able to write to the configuration file: /kunden/homepages/43/d101564082/htdocs/oscommerce_rosaceans/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

The instructions say:

 

4. Make sure that the permissions on all of the folders are set to 755, and if that does not work then set them to 777. Make sure that the includes/configure.php file and the admin/includes/configure.php file are set to 777 for the duration of the install. Once the install is complete reset to 644, 444, or 400 depending on your server setup.

 

I have gone to both the includes/configure.php file and the admin/includes/configure.php file but don't see anything to change: Here is what both these files show:

 

includes/config.php

 

<?php

/*

$Id: configure.php 1739 2007-12-20 00:52:16Z hpdl $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

 

admin/configure.php

 

<?php

/*

$Id: configure.php 1739 2007-12-20 00:52:16Z hpdl $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2002 osCommerce

 

Released under the GNU General Public License

*/

 

// define our webserver variables

// FS = Filesystem (physical)

// WS = Webserver (virtual)

define('HTTP_SERVER', ''); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', '');

define('HTTPS_CATALOG_SERVER', '');

define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/catalog/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', '');

define('DB_SERVER_USERNAME', 'mysql');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', '');

?>

 

What do I change, where? Thanks.

All you need to do is change the file attributes on the files. Sometimes, using your ftp program you can right click on the file and go to properties.

Link to comment
Share on other sites

All you need to do is change the file attributes on the files. Sometimes, using your ftp program you can right click on the file and go to properties.

 

I have Dreamweaver CS3 and checked the page properties and didn't find anything I could change. I realize that this seems simple to do, but I am having a problem understanding permissions. I found one thing, title/encoding that says the document is XHTML 1.0 transitional but that doesn't have any way to change the permissions. I am assuming you mean the file configure.php.

 

I need some basic 101 with permissions. I don't have a clue what this means. I appreciate your help.

Link to comment
Share on other sites

You can set file permissions through your web host's cpanel.

 

File permissions -> http://www.linuxforums.org/security/file_permissions.html

 

FTP screenshots -> http://www.stadtaus.com/en/tutorials/chmod...permissions.php

 

Wow! You did it. That was what I needed. The stadtaus.com explanation was the ticket. Thanks so much. I really do appreciate the help.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...