Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

configuration file, a potential security risk


minuteago

Recommended Posts

i just installed oscommerce v2.2.

On the top of the page, however, shows me a warning message like this.

 

Warning: I am able to write to the configuration

 

 

file: /home/localhost/public_html/catalog2/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

permission for congifure.php file is 644. How can I remove/solve this problem?

 

 

any help, I'll appreciate..

 

Thank you.

Link to comment
Share on other sites

hi same thing just happened to me you have to change your file so its read only i guess, in ftp right click that file go properties change to read only for all (i have owner ,group,global,) if that wont stay set you have to add a file to catalog folder, lable it secure.php with this code just copy and paste,

 

<?php

chmod('includes/configure.php', 0444);

?>

 

save it run it in browser youstore/catalog/secure.php , worked great for me and i know nothing

Link to comment
Share on other sites

  • 2 weeks later...
  • 1 month later...

Thanks a lot !!! I wonder why chmodding the files to 644 or lower never seems to fix this problem with powweb accounts. I have installed osCommerce on other servers and powweb is the only place I've had this problem.

 

Great, great advice.

Link to comment
Share on other sites

add a file to catalog folder, lable it secure.php with this code just copy and paste,

 

<?php

chmod('includes/configure.php', 0444);

?>

 

save it run it in browser  youstore/catalog/secure.php , worked great for me and i know nothing

Okay, I'm feeling like an idiot here when no one else seems to be having problems using this method. I created secure.php and put it in /pkg/catalog/

 

Put in the code you recommended (in secure.php?)

 

Uploaded it

 

Still get the error.

 

I'm assuming that I also need to modify code on my pages? Which ones?

 

Thanks,

 

Tina

Link to comment
Share on other sites

nevermind.... I found your post on another page that said nothing was supposed to happen when I went to that page. Also, since you said inside the catalog folder I put the document in the wrong place. I assume that you named your ecom folder "catalog", I named mine "store." I moved it to the root of the ecom folder and ran it... everything is beautiful!

Link to comment
Share on other sites

i guess i searched over the full board now to find a solution for the CHMOD problem on the configure.php but really nothing helped me yet :(

 

first of all the secure.php with the PHP-CHMOD tags didnt work for me on the webserver, also setting the rights via FTP software didnt work AND i cant find any FTP Web-Login on the Control Panel (Customer Service) that may be able to give the correct rights. The Problem is that it always jumps back to the chmod 644 if i set 444 and i really dont know why...

 

maybe someone can help me out or give me an information how i can hide the errors at the top, i know i have to do that with the application_top.php but i dont have any clue how.

 

thanks for help :)

Link to comment
Share on other sites

maybe someone can help me out or give me an information how i can hide the errors at the top, i know i have to do that with the application_top.php but i dont have any clue how.

 

thanks for help :)

includes/application_top.php (at the bottom).

 

// set which precautions should be checked

define('WARN_INSTALL_EXISTENCE', 'true');

define('WARN_CONFIG_WRITEABLE', 'false');

define('WARN_SESSION_DIRECTORY_NOT_WRITEABLE', 'true');

define('WARN_SESSION_AUTO_START', 'true');

define('WARN_DOWNLOAD_DIRECTORY_NOT_READABLE', 'true');

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...