Twocanes Posted July 3, 2018 Share Posted July 3, 2018 Hi, Using latest Responsive-osCommerce-master. During install, we are requested to make includes/configure.php writeable by web server. I did that but one of the first Security Checks says: I am able to write to the configuration file: /var/www/docs/xxxlinkxxx/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. So I guess we should make the file r--r--r--. Is the writeable version just during the install? And what about the: /var/www/docs/xxxlinkxxx/admin/includes/configure.php permissions? Shouldn't that file be the same as includes/configure.php? Link to comment Share on other sites More sharing options...
Hotclutch Posted July 3, 2018 Share Posted July 3, 2018 6 minutes ago, Twocanes said: Is the writeable version just during the install? Yes, it should only be writable during the install. After, delete the install directory from the server, and set the permissions on the 2 configure files to 444 (read only). Link to comment Share on other sites More sharing options...
Twocanes Posted July 3, 2018 Author Share Posted July 3, 2018 Thanks, if the Security Check said exactly that, we'd have both saved time. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.