Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Install - includes/configure.php and admin/includes/configure.php


Twocanes

Recommended Posts

Hi,

Using latest Responsive-osCommerce-master. During install, we are requested to make includes/configure.php writeable by web server.

I did that but one of the first Security Checks says: I am able to write to the configuration file: /var/www/docs/xxxlinkxxx/includes/configure.php.

This is a potential security risk - please set the right user permissions on this file.  So I guess we should make the file r--r--r--.

Is the writeable version just during the install?  And what about the: /var/www/docs/xxxlinkxxx/admin/includes/configure.php permissions?

Shouldn't that file be the same as includes/configure.php?

Link to comment
Share on other sites

6 minutes ago, Twocanes said:

Is the writeable version just during the install? 

Yes, it should only be writable during the install. After, delete the install directory from the server, and set the permissions on the 2 configure files to 444 (read only).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...