stevel

Protection of Configuration


This is the official support topic for the contribution Protection of Configuration

 

Please report any problems with this contribution here.

 

I just want to thank you for this great addon, it was exactly what I needed to get this annoying warning away. Thank you very much!


Hi Steve,

 

I have a problem - when I uploaded both the files, and after I changed the filenames.php, now I can't get into the file manager at all! So I haven't been able to change the second file tools.php.

 

Any suggestions would be appreciated

 

thanks

jean


I never use the osC file manager and actually remove it from the server of my stores as it is a security risk. At least, with the latest osC update, it no longer corrupts files.

 

You'll have to use an FTP client or some other method of editing your files until you have fixed whatever error you made - probably a syntax error in filenames.php.


Thanks Steve, I have fixed it, I think.

I have just put up osCommerce on my server - and it's security that worries me. Is there a place on the forum/contribution area that has a complete list of security issues and how to fix them?

thanks

jean


Steve,

 

I too get the error

 

No Right Permission Access

Please contact your Webmaster to request

more access or if you found any problem.

 

 

I am logged in as top administrator, I have changed file permissions to 755.. 644...444 nothing seems to work. Any ideas?

 

I use creloaded 6.15 and cannot get the security error bar across the top of the home page off.

 

Thanks

 

Kyle


Jean, sorry I didn't see your post earlier. The security issue of the File Manager is that if someone gets into your admin, they can see, edit or delete any file in your store. Obviously the osCommerce developers thought that was a good idea, but I don't.

 

Kyle, I have no experience with creloaded. I would first check to make sure the protection is actually set on the server to what you think it is. Then find the code that gives the warning and see what it is testing for.


The file permission is set to 644, I'm not able to set it differently - so I just need to have the check commented out.

 

This warning message is quite annoying. And I wish I could get rid of it by commenting out in a php file. Does anyone know how to do this? :-"

 

Thanks!

 

BR


Good Day,

 

In trying the contrib, I am getting the following error:

 

Fatal error: Cannot redeclare tep_db_connect() (previously declared in /xxxx/htdocs/Catalog/admin/includes/functions/database.php:13) in /xxxx/htdocs/Catalog/admin/includes/functions/database.php on line 13

 

Any help would be appreciated..

 

Steve


Somehow you are getting database.php included twice. Sometimes this is caused by a blank line at the end of includes/languages/english.php, though this mod doesn't change that file. The call to database.php comes from application_top.php which is not edited by this contrib. I suggest you check your changes carefully.


Steve,

 

I will look, but it doesn't make sense as you said.

 

Steve


Does somebody know where I can change the PHP so I can get this script to work? And what should I change in php.ini or other files?

 

 

You were right! That did the trick. This is what my ISP said:

 

Hello,

We have made some modifications in the PHP configurations in the server to do 'chmod' through PHP script. Also, we have added the line

#!/usr/local/bin/php

at the beginning of the script

/home/public_html/catalog/admin/protection.php

 

So I guess that was it.

BTW, do you think the "#!/usr/local/bin/php " makes any difference? I've never had to put that at the top of the page before and I'm running a lifetime of PHP stuff on this same server.

 

Thanks again!

 

cc

 

"I love people who love PHP"


Hi Steve,

I'm looking for ways to secure my site or at least make it more challenging for any would-be hackers and came upon your contrib. Granted, I'm not the brightest bulb on the shelf so please be patient with my confusion. If someone is able to get into the admin area which grants them the ability to edit/delete files, what prevents them from deleting the protection.php files and any other files? I mean, once they're in, don't they have the ability to wreak havoc regardless of any secondary security precautions, or is a comparison to an intruder inside a premises with the intent of vandalism incorrect? Your suggestion to move the admin folder out of the catalog seems more judicious so as to thwart (reduce the ease of) entry in the first place. Also, if I remove filenames.php, doesn't that bypass `define('FILENAME_PROTECTION', 'protection.php');`? I realize if someone is adamant on getting in and has the resources that there's always a risk, and I sincerely appreciate your measures to safeguard my site. I'm just conjuring up an image that while I'm locking up the cookie jar, I failed to shut the front door. Thanks for your patience and understanding.

respectfully,

jk


Sorry for not seeing this earlier - my subscription to the topic seems to have expired.

 

This contribution does not improve security of the store. All it does is make it easier to change the file protection status of the two configuration.php files as recommended by osCommerce instructions, making them not writeable. In particular, some combinations of FTP client and web host won't let you set a 444 protection on a file, so you have to do it either from a shell or from a script. It also shows you whether or not the two files are writeable.


Thanks for the fine contribution!

A note on the latest 1.3 update. Both my configure files are set to 400 and shown light red as not protected although they are. Maybe extend the color logic? Just my 2 cents.

Share this post


Link to post
Share on other sites

The contribution uses the same PHP is_writable function that osCommerce uses to warn you if the configuration file is writable. If Protection of Configuration says the file is writable, then it is.


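Example added here (not the contribution's own code): a minimal PHP check of the kind the posts above describe, reporting each file's mode and `is_writable()` result and setting writable files to 0444 from a script. The function name `protect_config` and the `includes/configure.php` and `admin/includes/configure.php` locations are assumptions, and the demo runs on constructed temporary files rather than a live store.

```php
<?php
// Added example (not the contribution's code). Paths and names are assumptions.

/** Report a file's mode and writability; make it read-only (0444) if writable. */
function protect_config(string $path): array
{
    if (!is_file($path)) {
        return ['path' => $path, 'status' => 'missing'];
    }
    $mode = static function (string $p): string {
        clearstatcache(true, $p);            // stat results are cached per request
        return substr(sprintf('%o', fileperms($p)), -4);
    };
    $before = $mode($path);
    if (!is_writable($path)) {
        return ['path' => $path, 'status' => 'already protected', 'mode' => $before];
    }
    // chmod() fails if the PHP process does not own the file or the host has
    // disabled the function, so check the result instead of assuming success.
    $changed = @chmod($path, 0444);
    $after = $mode($path);
    // Trust is_writable() over the mode bits: it asks whether this process can
    // write (a root process still can at 0444), which is what the warning tests.
    $status = ($changed && !is_writable($path)) ? 'protected' : 'failed';
    return ['path' => $path, 'status' => $status, 'mode' => "$before -> $after"];
}

// Constructed demo: a throwaway tree mimicking the assumed store layout.
$root  = sys_get_temp_dir() . '/poc_demo_' . getmypid();
$files = ["$root/includes/configure.php", "$root/admin/includes/configure.php"];
foreach ($files as $f) {
    mkdir(dirname($f), 0755, true);
    file_put_contents($f, "<?php // constructed sample\n");
    chmod($f, 0644);
}
// Two passes: the first protects, the second shows "already protected".
for ($pass = 1; $pass <= 2; $pass++) {
    foreach (array_merge($files, ["$root/includes/missing.php"]) as $f) {
        $r = protect_config($f);
        printf("pass %d  %-13s %-18s %s\n", $pass, $r['mode'] ?? '-', $r['status'], $r['path']);
    }
}
// Clean up the constructed files and directories.
foreach ($files as $f) { chmod($f, 0644); unlink($f); rmdir(dirname($f)); }
rmdir("$root/admin"); rmdir($root);
```

A `failed` status here corresponds to the "Failed to change protection" errors reported in this topic: the mode change was refused, or the file is still writable by the PHP process afterwards.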
Steve,

Just a quick question. I have installed Protection of Configuration and have secured the two config files perfectly fine. Which was the main reason that I installed it as I am on a Windows shared hosting and cannot change the levels of security on the folders.

 

However, I have just been looking at the other folders that I can change the security levels on and found that even if I select to secure them, and it confirms it at the top, nothing changes.

 

I have attached a screen shot below for reference.

 

protection-of-configuration.gif

 

Any advice would be helpful!

 

Thanks!! :)


Gazza

If its not broken...why try fixing it??


Hi,

 

this is Mendoh with a problem using this contribution.

 

I have installed version 1.1 correctly then successfully protected both "administration panel" and "catalog".

 

After a while, today I tried to switch the whole to unprotected status and no matter the folder I always get a red error saying "Failed to change protection of Administration Panel" and "Failed to change protection of catalog"; if I tried to chmod 775 or 777 on server, I get nothing done and still wind up with 755 permission.

 

Can anybody help me out to find what is wrong?

 

Thanks a lot in advance

 

Mendoh


Try installing the latest version. I had the same problem and switched. It makes it easy to see the permissions you need on certain important files.

 

Yol


I repeat myself when under stress, I repeat myself when under stress, I repeat myself...

 

--King Crimson (“Discipline”)


Oh, just one thing. Shouldn't the images and backup folders be CHMOD to 0777? Otherwise I get an error message in the admin panel, as the backup file is not writable, and my store gets really slow, due to the images taking longer than usual. I keep those folders (and the graphs folder) at 0777.

 

Yol

