jamo32 Posted May 16, 2016

Hi

Is there a list of the recommended file permissions for osCommerce? I am using bootstrap master. Can I please ask what images and includes files should be?

Thanks

Using Bootstrap 8-)

MrPhil Posted May 16, 2016

On a Linux-based system, the general rule of thumb is 755 for directories, 644 for files, and you may need to go to 444 for the configure.php files. Some systems may have other "normal" settings, such as 604 for files. Some may be able to use 644 for the configure.php files (PHP running as group or other).

Don't depend on osC's built-in file permissions admin tool. It's apparently a piece of trash that was never completed. It's been discussed (and eviscerated) recently.

In general, grant the minimal permissions to get the job done. Only the owner and (in some cases) PHP ever need write permissions. Run away very fast when some idiot blithely tells you to "chmod 777 all your files" -- they don't know what they're talking about.

jamo32 Posted May 16, 2016 (Author)

Hi

Thanks, ran a test on this site and it stated my images and includes files were unsafe.

oscommerce-solution.com/oscommerce-security-check.php (sorry mod, unsure if I should list url)

Could I also ask what security add-ons would be worth using for bootstrap?

Many Thanks

Using Bootstrap 8-)

MrPhil Posted May 16, 2016

"[Your] images and include files are unsafe" covers a lot of ground. Does this test program tell you why it considers them "unsafe"? Be careful... they may be trying to sell you some expensive services!

Include files are never seen by the browser, while images are pretty much just passed along by the server. Now, unless you foolishly made your files unnecessarily writable by others, the server's standard permissions (usually 755 for directories and 644 for files, although some changes may be necessary if PHP needs to write to them) should do. If PHP runs as "group" or even "other", you may need to add some write permissions. And of course, you may need to remove write permissions from the configure.php files.

What kind of server are you running under (OS and server software)? What are the default directory and file permissions? Do you know if PHP runs in your group, or as world/other? What permissions do you have for the files in question?

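The rule of thumb from the two replies above (755 for directories, 644 for files, 444 for configure.php, nothing writable by others) as a read-only audit script. This is an added example, not part of the original posts or of osCommerce; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Read-only audit of a web root against the rule of thumb in this thread:
# 755 directories, 644 files, 444 configure.php. Nothing is modified.

# audit_perms ROOT: print one "<FINDING> <path>" line per problem.
audit_perms() {
    root=$1
    # Writable by "other" (o+w): what a blanket "chmod 777" leaves behind.
    find "$root" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD-WRITABLE /'
    # configure.php with any write bit left; review it (444 may be needed).
    find "$root" -type f -name configure.php \
        \( -perm -0200 -o -perm -0020 -o -perm -0002 \) -print |
        sed 's/^/CONFIG-WRITABLE /'
    # Regular files with an execute bit: 644 has none.
    find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print |
        sed 's/^/EXECUTABLE-FILE /'
}

# count_findings ROOT KIND: number of findings of one kind.
count_findings() {
    audit_perms "$1" | grep -c "^$2 " || true
}

# make_sample_tree: constructed sample layout (not a real osCommerce install)
# with three deliberate mistakes. Prints the temp directory it created.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/images" "$t/includes"
    : > "$t/index.php"; : > "$t/images/logo.png"
    : > "$t/includes/configure.php"; : > "$t/includes/functions.php"
    chmod 755 "$t" "$t/includes"
    chmod 644 "$t/index.php" "$t/includes/functions.php"
    chmod 777 "$t/images"                 # mistake: world-writable directory
    chmod 666 "$t/images/logo.png"        # mistake: world-writable file
    chmod 644 "$t/includes/configure.php" # mistake: config still writable
    printf '%s\n' "$t"
}

# Demo: audit the path given as the first argument, else the sample tree.
if [ -n "$1" ]; then
    audit_perms "$1"
else
    sample=$(make_sample_tree)
    audit_perms "$sample"
    rm -rf "$sample"
fi
```

A CONFIG-WRITABLE line is a prompt to check how PHP runs on the host, since the replies note that some setups can keep configure.php at 644.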
jamo32 Posted May 16, 2016 (Author)

Thanks

Strange prob here: on my security checks there is a warning icon:

"HTTP Authentication has not been set up for the osCommerce Administration Tool - please set this up in your web server configuration to further protect the Administration Tool from unauthorized access."

But it is showing ok in green under config > administration.

My site is ssl on admin login, so am I right in saying this would not matter? Could be wrong lol

Using Bootstrap 8-)

MrPhil Posted May 16, 2016

"HTTP Authentication" is also known as "password protected directory", where you have to provide an ID and password to get into admin. The files and instructions provided with osC may work for you, or you may have to use your host's "password protect this directory". Either way, you may get a warning that it hasn't been set up. So long as you have to enter an ID and password to get into admin, it's working, and you can ignore the warnings.

SSL is a completely different layer of protection. It encrypts data going back and forth between the server and the browser, so someone tapping your line (listening in) can't get any juicy information. Password protection keeps bad guys from getting into sensitive areas of your site, while SSL prevents them from listening in.

jamo32 Posted May 17, 2016 (Author)

Thanks MrPhil

Using Bootstrap 8-)

Archived
This topic is now archived and is closed to further replies.