Previously, osCommerce users were told to use 444 as the protection mode for the two configure.php files. I just now realized that this is insecure. The mode should be 400 instead. When unprotecting for updates, use 700 and not 755.

I have a Protection of Configuration (http://www.oscommerce.com/community/contributions,2137) contribution which makes this easy, and have updated it with these new values. I strongly recommend that all osC store owners make sure that the protection of their configure.php files ends in 00.