Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

security permission help


spyke

Recommended Posts

Warning: I am able to write to the configuration file: W:/www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

how and where to set this?

thanks and more power!

Link to comment
Share on other sites

chmod 644 configure.php

or change permissions using your ftp program

Okay, I must be stupid because I've tried this and I can't get it to work. I'm not a unix guy, but I'm assuming that 644 means:

 

owner: read write,

group: read

all: read

 

I set inclues/configure.php to that premission level using ie's built in ftp program and I still get exactly the same warning. I've tried setting it everything from 400 to 777 and I still get the same message. If I set it to 000 I get no web page at all so I assume I'm editing the permissions on the right file.

 

What am I doing wrong?

 

Blessings,

Tom

Blessings,

Tom

ScubaChick Incorporated

Link to comment
Share on other sites

I just moved my shop and that is one of the many problems I'm having. Configure.php ran well at 644 on my old host, but I get that securtiy notice now on the new host. Plus, the new server doesn't seem to let me chmod below 644 to test it at lower permissions.

Link to comment
Share on other sites

Okay, so I fixed the problem sort of. I just changed the WARN_CONFIG_WRITEABLE to false. Now it doesn't warn me, but really it should not believe that the file is writeable. It's set to 644. I have no idea why it's doing this, but I'm going to keep chugging because I can't spend the time to figure it out.

Blessings,

Tom

ScubaChick Incorporated

Link to comment
Share on other sites

Someone in another thread wrote this and it worked great for me. Horribly simple to do. I, at first, shut down the warning in the header too, but the admins here all state that if the warning pops up on a server, then the file is insecure on that server, even if it is set to 644 as instructed.

-------------------------------------------

Create a file chmod.php with the following content:

 

<?php

chmod('includes/configure.php', 0444);

?>

 

Upload it to your catalog folder and then open catalog/chmod.php (http://www.yoursite.com/catalog/chmod.php) in your web browser. Repeat for the admin folder if necessary. Delete the file (or leave it there - it's harmless).

----------------------------------------------

Oddly, it still appears to be chmodded to 644 in my FTP client, but calling this little script up once shut the warning off, so I believe it must actually be set to 444 --even if my web host doesn't want it to be!

 

The person who wrote this stated that he found this snippet on a hosting forum.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...