I set up osCommerce several days ago and got rid of the two pink warning messages by following a tutorial. Everything was fine for a few days, now all of a sudden one of the warnings is back.
Warning: I am able to write to the configuration file: ....../htdocs/store/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.
Can anyone tell me how it happened or what I might have done to cause it? Thanks.

Well, the protection on that file changed. See the sticky topic in this section on how to reset the protection to 444. Did you replace the file?

No, I didn't... at least not intentionally. Anyway I re-read the Jade Dragon tutorial and re-followed her security instructions by re-running a PHP script called 'chmod.php' (that she provided) which sets protection to 0400, not 444 as you say above. Frankly I don't know the difference. To make a long story short, that did the trick, the pink message is gone. It still bothers me a little that something could have changed on its own but I'll write that off to "I must've messed something up." I'm not worried... yet. Everything in the store is fake at this point. Thanks for your reply.
PS. If you can explain the difference between 444 and 400, like which is "better" and why, I can change the chmod.php file to make it do whatever you tell me. I appreciate the help.

444 = owner has read and write properties
400 = owner has read only properties.

I usually chose to lock all writing privilages off my config files when possible. Either way is still very much secure and just a matter of preference.

And yes, you can change that script to chmod to what ever number you want.

=)
Jade

444 = owner has read and write properties
400 = owner has read only properties.



That is not correct.

444 = owner, group and others have read only privilege
400 = owner has read only privilege

The difference is that with 444 anybody can read the file, and it has things in there that you don't want anyone to read, like your database password - hence the pink warning message.

Al

Wow... quite a difference... thanks for the correction