
osCommerce

The e-commerce.

setting permissions


Guest


Hi all,

After having my old 2.x site hacked I have upgraded to 3.0.1 and started over.

I'm going through now & wanting to make sure I don't get any problems this time around so want to get the permissions & security setup right.

By default pretty much all of the directories seem to be set to 755, but the Security Directory Permissions tool in my admin panel seems to think they are all writable? The problem I am having when I try to change any permissions is that I am then locked out of my admin panel.

I've read through some of the posts on here suggesting that all files should be set to 644 etc, but as soon as I do that I can't access my admin panel.

Hopefully someone can offer some advice please.

Thanks

Jon

Link to comment
Share on other sites

After having my old 2.x site hacked I have upgraded to 3.0.1 and started over.

 

3 is not suitable for use on any live shop, unless the shop owner is a hardcore php developer.

2.3.1 is where you should be for now.

 

HPDL; v3.0 does not contain a full user feature set to be able to run an online store on

 

Sparky; anyone that jumps into something which isn't even proven is asking for trouble [...] we will learn a lot before I would use it for "end users", I'm hoping the community will help shape what it becomes

 

A question to you, now that you are on 3. Have you tried adding a new category to your shop?

Link to comment
Share on other sites

I'm going through now & wanting to make sure I don't get any problems this time around so want to get the permissions & security setup right.

By default pretty much all of the directories seem to be set to 755, but the Security Directory Permissions tool in my admin panel seems to think they are all writable? The problem I am having when I try to change any permissions is that I am then locked out of my admin panel.

I've read through some of the posts on here suggesting that all files should be set to 644 etc, but as soon as I do that I can't access my admin panel.

Hopefully someone can offer some advice please.

Thanks

Jon

 

The problem is that there essentially are two methods used by webhosts to configure webservers. Most scripts like Oscommerce cater to the standard method where directory permissions of 755 are read only, and file permissions of 644 are also read only. However there is another major method that webhost companies are using to configure their servers in which 755 is writable for directories and 644 is writable.

Read more here

http://www.oscommerce.com/forums/topic/373047-a-chat-about-file-permissions/

 

In the second method of configuration, permissions are less of an issue, but you run into problems when a script demands a file be read only when some hosts disallow that setting. The problem is that most developers are not overly familiar with this type of configuration and do not realise that file permissions are not the same security protection as they are with the first method.

 

Yes, you can make a file read only by changing its permissions to 444, but PHP, which has owner permissions, can change the permissions back to writable.

 

The thing to understand with method two is that permissions are no longer the way a virtual webhost is secured against attacks.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes

Link to comment
Share on other sites
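The two hosting methods described in the post above, as an added example that is not part of the original thread: it evaluates the same 755 and 444 modes for a PHP process that runs as a separate web server user (method one) and for one that runs as the file owner (method two), then shows the owner undoing a 444. The uid `owner + 1` is a hypothetical stand-in for a separate web server account, and the check reads mode bits only (no root, ACLs or read-only mounts).

```python
import os
import stat
import tempfile

def mode_allows_write(st, uid, gids):
    """Classic Unix check from mode bits only (ignores root, ACLs, read-only mounts)."""
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def assess(path, php_uid, php_gids=()):
    """Say what the mode on `path` means for a PHP process running as php_uid."""
    st = os.stat(path)
    if mode_allows_write(st, php_uid, set(php_gids)):
        verdict = "writable by PHP"
    elif php_uid == st.st_uid:
        # Only the owner (or root) may chmod, so PHP can undo a read-only mode.
        verdict = "read-only, but PHP can chmod it back"
    else:
        verdict = "read-only for PHP"
    return {"mode": oct(stat.S_IMODE(st.st_mode)), "verdict": verdict}

def demo():
    """Assess a constructed directory and configure.php under both hosting methods."""
    with tempfile.TemporaryDirectory(prefix="perm-demo-") as root:
        cfg = os.path.join(root, "configure.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(root, 0o755)
        os.chmod(cfg, 0o444)
        owner = os.stat(cfg).st_uid   # method 2: PHP runs as the account owner
        other = owner + 1             # method 1: hypothetical separate web server uid
        results = {
            "method1_dir": assess(root, other),
            "method1_cfg": assess(cfg, other),
            "method2_dir": assess(root, owner),
            "method2_cfg": assess(cfg, owner),
        }
        # Method 2 in practice: the owner restores write access, then modifies the file.
        before = os.path.getsize(cfg)
        os.chmod(cfg, 0o644)
        with open(cfg, "a") as fh:
            fh.write("// appended after chmod\n")
        results["owner_rewrote"] = os.path.getsize(cfg) > before
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
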

OK, so just to confuse the issue the moderator has deleted my corrected post & moved the original post into this forum.

So if I may start again.

The Security Directory Permissions tool in my admin panel is showing that all of my directories are writable. I've checked & they are all set to 755 except the 2 configure.php files. If I then try to change any of those permissions I get locked out of the relevant directory.

Do I need to worry about what the security tool is telling me or is 755 an acceptable & safe setting to use across the board?

My apologies for the convoluted way of getting to the point.

Jon

Link to comment
Share on other sites

755 for directories, 644 for files, except the configure.php files, which should be 444 or 400 (if they work on 400)

 

Files rarely work if they are not readable; directories rarely allow files to be read if they (the folder) are not executable

 

There is no documentation for the Security Directory Permissions tool so who knows what it is supposed to be telling you

My store is currently running Phoenix 1.0.3.0

I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 )

I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really necessary

Link to comment
Share on other sites
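The rule given in the post above (755 for directories, 644 for files, 444 or 400 for the configure.php files), as an added audit script that is not part of the original thread. The sample tree, its file names other than configure.php, and its deliberate deviations are constructed for the example.

```python
import os
import stat
import tempfile

DIR_MODE, FILE_MODE = 0o755, 0o644
CONFIG_MODES = (0o444, 0o400)          # the two configure.php files

def audit(root):
    """Return sorted (relative path, actual mode, expected mode) for each deviation."""
    findings = []
    for base, _dirs, files in os.walk(root):
        for name in [""] + files:      # "" stands for the directory itself
            path = os.path.join(base, name) if name else base
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue               # a symlink's own mode is not meaningful
            if stat.S_ISDIR(st.st_mode):
                allowed = (DIR_MODE,)
            elif name == "configure.php":
                allowed = CONFIG_MODES
            else:
                allowed = (FILE_MODE,)
            mode = stat.S_IMODE(st.st_mode)
            if mode not in allowed:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                expected = " or ".join("%03o" % m for m in allowed)
                findings.append((rel, "%03o" % mode, expected))
    return sorted(findings)

def build_sample(root):
    """Create a constructed shop tree with three deliberate deviations."""
    layout = {
        "index.php": 0o644,
        "includes/configure.php": 0o644,         # should be 444 or 400
        "admin/includes/configure.php": 0o444,
        "images/logo.gif": 0o666,                # should be 644
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    for base, _dirs, _files in os.walk(root):
        os.chmod(base, DIR_MODE)
    os.chmod(os.path.join(root, "images"), 0o777)  # should be 755

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit(root)
```

Calling `audit()` on a real catalogue directory only reads modes; it changes nothing.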

  • 4 weeks later...
  • 8 months later...

Hi, I'm new to Oscommerce, I don't know whether this is the right area to post my problem or not.....

 

Initially I developed my oscommerce site on my localhost, which works fine, but when I moved the project to my office staging server (122.183.93.234)

 

What are the changes to be made in the admin/include/configure.php file......

 

Quick reply will be appreciated........

 

Thanks

Link to comment
Share on other sites

@@kranthi,

 

You will need to set the actual path. The actual path depends on your server configuration and could be something like this:

 

/home/content/sitename/public_html/

 

You will need to set the actual paths in both the /includes/configure.php and the /admin/includes/configure.php files.

 

 

 

Chris

Link to comment
Share on other sites

Hi Chris, GM, do you have any idea about any chat applications which suit osC 2.3.1 projects? My client is asking for a chat application in the project.

 

Quick reply will be appreciated........

 

 

kranthi......

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
