runnerboy Posted January 23, 2004 Share Posted January 23, 2004 This is my first installation of osCommerce and it all worked perfect. I'm admin of my own Webserver, PHP and MySQL are configured and running for month without a problem. The Server is running Win2000 Server & IIS The ONLY problem I have is this: Warnung: osC kann in die Konfigurationsdatei schreiben: D:\\www\\Kunden\\comlife.at\\shoptest\\catalog/includes/configure.php. Das stellt ein m?gliches Sicherheitsrisiko dar - bitte korrigieren Sie die Benutzerberechtigungen zu dieser Datei! I've tryed nearly every attribute setting to the file configure.php or the "include" folder but it didn't solve the problem. Bevor the installation I gave the "write" permission to the file. Otherwise the installation would have failed i think. I also noticed that i can't change CHMOD attributes with FlashFXP for example. By the way can anyone explain me what CHMOD is. Is it a linux command to change attributes on files and folders? I've read about the numers 644 and i understand that. Maybe chaning CHMOD with FTP software is not possible on a IIS server? plz plz help me i need the shop working very soon :rolleyes: thx, Runnerboy Link to comment Share on other sites More sharing options...
241 Posted January 23, 2004 Share Posted January 23, 2004 Did you try chmod 444 Versuchten Sie CHMOD 444 No longer giving free advice. Please place deposit in meter slot provided. Individual: [=] SME: [==] Corporation: [===] If deposit does not fit one of the slots provided then you are asking too much! Is your Osc dated try Phoenix raising oscommerce from the ashes. Link to comment Share on other sites More sharing options...
runnerboy Posted January 23, 2004 Author Share Posted January 23, 2004 I can't try CHMOD 444 because I can not change the settings with FlashFXP. But i have remote control and admin rights to the server!!! And I have tryed nearly everything to get rid of the Warning message. If I take all permissions from the "configure.php" file nothing works - OK fine thats good. If I only give READ perm to the file I get this f**** warning. mfg, Runnerboy Link to comment Share on other sites More sharing options...
runnerboy Posted January 24, 2004 Author Share Posted January 24, 2004 no ideas? plz i need help. time is running out :( mfg, Runnerboy Link to comment Share on other sites More sharing options...
♥ecartz Posted January 24, 2004 Share Posted January 24, 2004 Maybe chaning CHMOD with FTP software is not possible on a IIS server?That is correct; MS Windows does not support the chmod command. Make the file read only instead of using chmod. If using the full ACL security, make the file read only for the IIS user (and Everyone if Everyone has any rights to the file). Hth, Matt Always back up before making changes. Link to comment Share on other sites More sharing options...
vojtaz Posted January 25, 2004 Share Posted January 25, 2004 Hi, did you manage to solve this problem??? I have the same message despite the fact I set CHMOD 704 for configure.php. Please help... :( Link to comment Share on other sites More sharing options...
runnerboy Posted January 25, 2004 Author Share Posted January 25, 2004 during the installation i was quite sure the no one had WRITE rights to the configure.php files, and so the installation process went wrong. so far so good :-) then i redid the process and gave WRITE permissions to the 2 files and everything was OK. after that i took the write perm away and still ther was this f***** warning on the top. so i went out and searched for the querry in the php files. here is the solution (my version :-)): /catalog/includes/header.php change the value (WARN_CONFIG_WRITEABLE == 'true') to (WARN_CONFIG_WRITEABLE == 'false') this should solve your problem Link to comment Share on other sites More sharing options...
Guest Posted January 25, 2004 Share Posted January 25, 2004 when you change that setting to false, then you are just bypassing the security of the program. there has to be another reason the warning is there. if someone does happen to get in and read your configure.php file then they will most likely have access to the database. so your choice if you want to bypass security Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.