ajpeters Posted May 9, 2008 Posted May 9, 2008 From what I see, I have to set some permission to 777 (images?) Is this so. I am nervous about that. Is this corect If not what should I do? I have the same problem updating the main page in bts template system. Please advice. John
America-Warehouse.com Posted May 9, 2008 Posted May 9, 2008 From what I see, I have to set some permission to 777 (images?) Is this so. I am nervous about that. Is this corectIf not what should I do? I have the same problem updating the main page in bts template system. Please advice. John I've set my /catalog/images 777 without a problem.. {-- RJ --}
ajpeters Posted May 9, 2008 Author Posted May 9, 2008 I've set my /catalog/images 777 without a problem.. What if a hacker uploads a index.html that allows movie uploads ans=d downloads.
♥GLWalker Posted May 9, 2008 Posted May 9, 2008 It depends on your server. I set mine to 775 without any issues(creating auto thumbnails). For a bit of security you could place an index file with a redirect in the folder. Follow the community build: BS3 to osCommerce Responsive from the Get Go! Check out the new construction: Admin Gone to Total BS!
America-Warehouse.com Posted May 9, 2008 Posted May 9, 2008 What if a hacker uploads a index.html that allows movie uploads ans=d downloads. Wonder how would hacker u/l ? {-- RJ --}
♥GLWalker Posted May 10, 2008 Posted May 10, 2008 What if a hacker uploads a index.html that allows movie uploads ans=d downloads. Then delete it. Follow the community build: BS3 to osCommerce Responsive from the Get Go! Check out the new construction: Admin Gone to Total BS!
meadtj Posted May 10, 2008 Posted May 10, 2008 I set mine to 555 because for some reason when I use export/import CSV module, my pictures get deleted. That was the only way I could stop them from getting deleted while still allowing people to view my pictures.
ajpeters Posted May 11, 2008 Author Posted May 11, 2008 Then delete it. And if this happens on Friday of Memorial day, I come back Monday. My site is turned off because, my bandwidth was used up at 3 AM on Sat. This is the voice of experience. I could write a routine the checks my directories ever x minutes for suspicious files.
Guest Posted May 11, 2008 Posted May 11, 2008 And if this happens on Friday of Memorial day, I come back Monday. My site is turned off because, my bandwidth was used up at 3 AM on Sat.This is the voice of experience. I could write a routine the checks my directories ever x minutes for suspicious files. permissions need to be set to 777 on images so you can upload product images. the above is due to bandwidth restrictions PM me and i will give you details abount getting more bandwidth without you nsite being closed down.
ajpeters Posted May 12, 2008 Author Posted May 12, 2008 permissions need to be set to 777 on images so you can upload product images. the above is due to bandwidth restrictions PM me and i will give you details abount getting more bandwidth without you nsite being closed down. For a price. For now I will live with the 777y. I still think it is a security hole that needs to be patched. John
Guest Posted May 12, 2008 Posted May 12, 2008 For a price. For now I will live with the 777y. I still think it is a security hole that needs to be patched. John It is an industry standard if you are going to or want users to add information/images etc to a file on your website then the permission is to be set to 777, which allows information to be added to that particular folder only, this does not aalow changes to be made to any system files/folders unless you have set these to 777. Fors system files/folders then these should be set to either 755 of 644
ajpeters Posted May 12, 2008 Author Posted May 12, 2008 It is an industry standard if you are going to or want users to add information/images etc to a file on your website then the permission is to be set to 777, which allows information to be added to that particular folder only, this does not aalow changes to be made to any system files/folders unless you have set these to 777. Fors system files/folders then these should be set to either 755 of 644 It is still a security hole, industry standard or not. It might be fixed with an htaccess or switch from html upload to an ftp upload. Adds administrative hassles, but would cut down on other problems.
ajpeters Posted May 12, 2008 Author Posted May 12, 2008 Wonder how would hacker u/l ? Know the structure of OScommerce. write script that does uploads and upload. Not even a hard High School exercise. a
ajpeters Posted May 12, 2008 Author Posted May 12, 2008 From what I see, I have to set some permission to 777 (images?) Is this so. I am nervous about that. Is this corectIf not what should I do? I have the same problem updating the main page in bts template system. Please advice. John Which file or directory do I have to set permission for the basic template system. ? I get unwritable file when I try to edit.
Guest Posted May 12, 2008 Posted May 12, 2008 Which file or directory do I have to set permission for the basic template system. ? I get unwritable file when I try to edit. whatever file you are trying to edit, change permission to 777, then do your editing, then change permissions back to whatever they were before the change.
ajpeters Posted May 12, 2008 Author Posted May 12, 2008 whatever file you are trying to edit, change permission to 777, then do your editing, then change permissions back to whatever they were before the change. And the file is? BTS I am used to simple template system/
Guest Posted May 12, 2008 Posted May 12, 2008 And the file is? BTS I am used to simple template system/ Never used BTS so cant help
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.