
Archived

This topic is now archived and is closed to further replies.

jamo32

File Permission list


Hi

Is there a list of the recommended file permissions for osCommerce? I am using bootstrap master.

Can I please ask what images and includes files should be?

Thanks


Using Bootstrap 8-)


On a Linux-based system, the general rule of thumb is 755 for directories, 644 for files, and you may need to go to 444 for the configure.php files. Some systems may have other "normal" settings, such as 604 for files. Some may be able to use 644 for the configure.php files (PHP running as group or other).

Don't depend on osC's built-in file permissions admin tool. It's apparently a piece of trash that was never completed. It's been discussed (and eviscerated) recently.

In general, grant the minimal permissions to get the job done. Only the owner and (in some cases) PHP ever need write permissions. Run away very fast when some idiot blithely tells you to "chmod 777 all your files" -- they don't know what they're talking about.


Hi

Thanks, ran a test on this site and it stated my images and includes files were unsafe.

oscommerce-solution.com/oscommerce-security-check.php (sorry mod, unsure if I should list url)

Could I also ask what security add-ons would be worth using for bootstrap?

Many Thanks


Using Bootstrap 8-)


"[Your] images and include files are unsafe" covers a lot of ground. Does this test program tell you why it considers them "unsafe"? Be careful... they may be trying to sell you some expensive services! Include files are never seen by the browser, while images are pretty much just passed along by the server. Now, unless you foolishly made your files unnecessarily writable by others, the server's standard permissions (usually 755 for directories and 644 for files, although some changes may be necessary if PHP needs to write to them) should do. If PHP runs as "group" or even "other", you may need to add some write permissions. And of course, you may need to remove write permissions from the configure.php files.

What kind of server are you running under (OS and server software)? What are the default directory and file permissions? Do you know if PHP runs in your group, or as world/other? What permissions do you have for the files in question?

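The rule of thumb given in the two replies above (755 for directories, 644 for files, 444 for the configure.php files, nothing writable by "other") can be checked with a read-only audit. This is an added example, not part of any post in the thread and not osCommerce's own tooling; the function names, output labels and the sample directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit against the 755 / 644 / 444 rule of thumb.
# Function names, labels and the sample tree are constructed for illustration.

# Print one finding per line for everything under $1; nothing is modified.
audit_perms() {
    root=$1
    # Directories any local account ("other") can write into.
    find "$root" -type d -perm -0002 -print | sed 's|^|DIR-WORLD-WRITABLE |'
    # Regular files any local account can overwrite.
    find "$root" -type f -perm -0002 -print | sed 's|^|FILE-WORLD-WRITABLE |'
    # configure.php files that still carry a write bit for owner, group or
    # other; these are the candidates for 444.
    find "$root" -type f -name configure.php \
        \( -perm -0200 -o -perm -0020 -o -perm -0002 \) -print |
        sed 's|^|CONFIG-WRITABLE |'
}

# Build a throwaway tree (constructed layout) and print its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/shop/includes" "$t/shop/images" "$t/shop/admin/includes"
    : > "$t/shop/index.php"
    : > "$t/shop/images/logo.png"
    : > "$t/shop/includes/configure.php"
    : > "$t/shop/admin/includes/configure.php"
    chmod 755 "$t" "$t/shop" "$t/shop/includes" \
              "$t/shop/admin" "$t/shop/admin/includes"
    chmod 644 "$t/shop/index.php"
    chmod 777 "$t/shop/images"              # the "chmod 777" habit
    chmod 666 "$t/shop/images/logo.png"
    chmod 644 "$t/shop/includes/configure.php"        # still owner-writable
    chmod 444 "$t/shop/admin/includes/configure.php"  # locked down
    echo "$t"
}

tree=$(make_sample_tree)
audit_perms "$tree"
rm -rf "$tree"
```

A CONFIG-WRITABLE finding at 644 is not automatically wrong: as the replies note, whether 444 is needed depends on which account PHP runs as.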

Thanks

Strange prob here on my security checks

HTTP Authentication has not been set up for the osCommerce Administration Tool - please set this up in your web server configuration to further protect the Administration Tool from unauthorized access.

But showing ok in green under config > administration

My site is SSL on admin login, so am I right in saying this would not matter? Could be wrong lol


Using Bootstrap 8-)


"HTTP Authentication" is also known as "password protected directory", where you have to provide an ID and password to get into admin. The files and instructions provided with osC may work for you, or you may have to use your host's "password protect this directory". Either way, you may get a warning that it hasn't been set up. So long as you have to enter an ID and password to get into admin, it's working, and you can ignore the warnings.

SSL is a completely different layer of protection. It encrypts data going back and forth between the server and the browser, so someone tapping your line (listening in) can't get any juicy information. Password protection keeps bad guys from getting into sensitive areas of your site, while SSL prevents them from listening in.
