Able to Write to the Configuration File

January 4, 2004

:huh: Hello,

I keep getting the following message on my pages;

Warning: I am able to write to the configuration file: /public_html/products/includes/configure.php. This is a potential security risk - please set the right user permissions on this file

I have tried every chmod code listed in this forum for this problem with no success. How can I remove this from my pages. :unsure:

walt · January 4, 2004

when your done editing set it back to where it was not 777 and it will be fine

dorry didnt finishing reading befoer i opened my big mouth

walt · January 4, 2004

edited

berkedam · January 4, 2004

I keep getting the following message on my pages;
Warning: I am able to write to the configuration file: /public_html/products/includes/configure.php. This is a potential security risk - please set the right user permissions on this file

I have tried every chmod code listed in this forum for this problem with no succ

The file mentioned that I see is different from what you write:

../htdocs/osCommerce/catalog/includes/configure.php.

CHMOD to 644 should do the job

January 4, 2004

;) Caught me, the correct code address is ../htdocs/osCommerce/catalog/includes/configure.php. Had just copied the error message from another post to save me typing. File chmod is currently set at 644 and error message is still showing up.

6.2k · January 4, 2004

Try chmod 444 no write state

January 4, 2004

I have tried 444 with no success either. Have checked chmod 2 different ways and values match. Think its error with the message part of the code. Is there a way to disable it? Thanks

berkedam · January 4, 2004

Is there a way to disable it?

change this line in english.php as follows:

// define('WARNING_CONFIG_FILE_WRITEABLE', 'Warning: I am able to write to the configuration file: ' . dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.');

that is: 2x // in front

BTW when I try to access configure.php I get this message from yr server: :D

Forbidden
You don't have permission to access /osCommerce/catalog/includes/configure.php on this server.

January 4, 2004

:D ;) Thanks berkedam (John) your info solved half the problem. It knocked the warning to saying Warning: Config.php writeable. So I started hunting for that message and found it in catalog/includes/header.php. If you locate and remove this section, message disappears totally

// check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {

if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {

$messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');

}

}

So here it is in full , how to remove the "Warning: I am able to write to the configuration file: /*****/*****/includes/configure.php. This is a potential security risk - please set the right user permissions on this file" warning if you are sure the chmods for config.php are configured properly but message still appearing. MAKE SURE YOU BACK UP THE FILES BEFORE WORKING ON THEM!!!!

Step 1

Locate this in catalog/includes/language/english.php

define('WARNING_CONFIG_FILE_WRITEABLE', 'Warning: I am able to write to the configuration file: ' . dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.');

CHANGE IT TO THIS:

// define('WARNING_CONFIG_FILE_WRITEABLE', 'Warning: I am able to write to the configuration file: ' . dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.');

Then go to catalog/includes/header.php and locate this:

// check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {

if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {

$messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');

}

}

Delete the above section and no more config writeable errors on the top of your page. :D

January 4, 2004

in the admin, tools check server info and see what version of php you are running. could b esome problem there too. some servers are a real pain in the neck, some hosts do not have things configured properly

berkedam · January 4, 2004

your info solved half the problem

Didn't try myself whether it would remove the whole message (sometimes osco is tricky, the buggers build in safeties), but you are not easily fooled it seems, at least you knew what todo next :D

NJTackle · March 25, 2005

I tried everything under the sun to set get rid of this message. I ended up just turning off the check in application_top.php at the bottom of the page:

define('WARN_CONFIG_WRITEABLE', 'false');

I know........I shouldn't have but the permission is correct. I believe there is something screwy with the code checking the write permission of the file when running on IIS as I am. I checked and doubled checked the write permission and it is right - both config files are READ ONLY for USR_WEB user.

Geotex · March 25, 2005

I tried everything under the sun to set get rid of this message. I ended up just turning off the check in application_top.php at the bottom of the page:

define('WARN_CONFIG_WRITEABLE', 'false');

I know........I shouldn't have but the permission is correct. I believe there is something screwy with the code checking the write permission of the file when running on IIS as I am. I checked and doubled checked the write permission and it is right - both config files are READ ONLY for USR_WEB user.

<{POST_SNAPBACK}>

Depending on the hosting company, you might have a "super User" admin who has all directories/files marked as writeable. I had one hosting comany set up this way, and no matter how you set the file permissions, the configure.php still showed writeable. Had to do as suggested above, then changed hosting companies to one that had better security standards, as did NOT want any "super user" to have access to my databases or a hacker that knows about the hosting company to have access to my files.

After changing hosting companies, the problem went away, and restored all warinings as a safeguard.

Do your self a favor, change hosting companies ASAP, find one that supports osCommerce.

HTH

Geotex · March 25, 2005

Here's an add-on, On Windows/ IIS, you should be able to mark the file read-only. IIS doesn't use chmod. Try right-clicking on the file from your control panel, and setiing the permissions as read only. Unix/Linux boxes use chmod. If that doesn't work, change hosting companies as suggested in my post above.

HTH

Able to Write to the Configuration File

Recommended Posts

Guest

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest

Link to comment

Share on other sites

Guest

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived