Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security of chmod 404


RBaxter

Recommended Posts

Hi all. I've had to reinstall a shop onto a different server. The configure.php files in includes and admin/includes used to be chmodded to 400 for security reasons. However, for the life of me I can't get my new server to work with this; it requires 404. Now, I'm new to adminstering my own server so I'm probably doing something wrong in that end, but I was wondering if anyone know whether it was safe to have these files set to 404? Since they have things such as database passwords etc stored in them, I don't want anybody out there getting their mits onto them!

 

Thanks for your help in advance,

-R

Link to comment
Share on other sites

Hi all. I've had to reinstall a shop onto a different server. The configure.php files in includes and admin/includes used to be chmodded to 400 for security reasons. However, for the life of me I can't get my new server to work with this; it requires 404. Now, I'm new to adminstering my own server so I'm probably doing something wrong in that end, but I was wondering if anyone know whether it was safe to have these files set to 404? Since they have things such as database passwords etc stored in them, I don't want anybody out there getting their mits onto them!

 

Thanks for your help in advance,

-R

 

Hi I'd be interested in the answer to this, if the config.php does contain passwords why does the docs suggest 444, granting everyone read access? sure there's a obvious answer, but i'd be interested to know what it is!

Link to comment
Share on other sites

400 is user read only

404 is user + world read only

444 is user + world + group read only

 

644 is user + world + group read only AND user write

 

400 would be ideal but on some servers will throw a 404 error

most would go for 444 but a lot must also settle for 644 which while not perfect is OK.

 

No one will be able to read a php file from a browser as php is taken from the server and passed to the php engine to read then pass back to the server for decoration (html etc)

so unless some actually get a hold of your file and can open it then its safe.

 

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...