Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Warning Message


SCase

Recommended Posts

I am getting the following warning message

 

Warning: I am able to write to the configuration file: .... catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

I am running Win2k Server and IIS 5.0 ...

 

I have tried changing the permissions on that file for every account on the system, but I still get that warning message.

 

Can anyone please help me?

 

Sincerely,

Shannon

Link to comment
Share on other sites

are you logging in as the owner of the file? I had similar problems when I was trying to install OSC in a windows server. I don't think there is any way to remotely change the chmod properties. I had to contact the server admin. That's why I stick to Linux :D Also make sure that you're trying to set the property to 644.

Link to comment
Share on other sites

How do I remove the warning text on top of page? I have chmod the configure file to 644 (I?ve even tried 444) but the text won?t disapear?

 

There is TWO ways

 

1) in 'includes/application_top.php' near the bottom change:

 

 ?define('WARN_CONFIG_WRITEABLE', 'true');

to

 ?define('WARN_CONFIG_WRITEABLE', 'false');

 

 

2) in 'includes/header.php' comment out line 21 though 25 (add '//' in the front.

 

ie:

// check if the configure.php file is writeable
// ?if (WARN_CONFIG_WRITEABLE == 'true') {
// ? ?if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
// ? ? ?$messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
// ? ?}
// ?}

 

It is not something I would suggest - but for the time being, it is a solution. It would be better to put the CORRECT ownership on the files and mark as READ ONLY - which should be the proper solution.

 

Good Luck

 

As an after thought: you may try clearing out the Cache in admin (turn it off). It might help.

Link to comment
Share on other sites

I am running Win2k Server and IIS 5.0 ...

 

I have tried changing the permissions on that file for every account on the system, but I still get that warning message.

Try changing SECURITY permission to your 'IUSR' or "Internet Guest Account" on that file. To check right click on the file and select properties then the security tab. Browse to the 'IUSR' (ie: "<domain_or_machine_name>\IUSR_<your_machine_name>" where '<domain_or_machine_name>' and '<your_machine_name>' may be the same if your NOT using a domain controler or is for a LOCAL install)

Link to comment
Share on other sites

As an after thought: you may try clearing out the Cache in admin (turn it off). It might help.

 

I tried to do that, but then I get this error message on top of admin-page:

 

Error: Cache directory does not exist. Please set this in configure.php.

 

How do I do that?

 

Cheers // _MaTeS_

Link to comment
Share on other sites

  • 3 weeks later...
Thanks guys .. I own the server so I am pretty sure I am logging in correctly.

Is is not a mater of HOW or WHO you login to the computer as. The IUSR can't login as a full user anyway.

 

The IUSR or <your_domain_or_machine_name>\IUSR_<your_machine_name> is the NT/W2K/XP/WIN2003 default "user account" used for any web page requests. Due to security in NT based machines - if a user is not authorized to view or access a file - they will be refused access - INCLUDING any web page files exisiting on an NTFS partion. Thus there exist this default user. If FILE security permissions exist for the IUSR - the file can be accessed.

Link to comment
Share on other sites

I am running Win2k Server and IIS 5.0 ...

 

I have tried changing the permissions on that file for every account on the system, but I still get that warning message.

Try changing SECURITY permission to your 'IUSR' or "Internet Guest Account" on that file. To check right click on the file and select properties then the security tab. Browse to the 'IUSR' (ie: "<domain_or_machine_name>\IUSR_<your_machine_name>" where '<domain_or_machine_name>' and '<your_machine_name>' may be the same if your NOT using a domain controler or is for a LOCAL install)

That's too much work!

 

All you need to do is right click configure.php and select "read only" which is right by the Hidden and Archive attributes.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...