Error Message at top

6-11-03, 12:25 AM

An error message at the top of my screen reads (everything works correctly though)

Warning: I am able to write to the configuration file: /www/k/kringle/htdocs/store/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

What should I set the CHMOD to? Or is it something else?

6-11-03, 03:29 AM

Try setting it up to CHMOD 444, reason for this is there is an error trap code at the top or bottom of the header.php that reads like this:

// check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {
if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
tep_output_warning(WARNING_CONFIG_FILE_WRITEABLE);
}
}

and it corresponds with the code from application_top.php mentioned below:

// set which precautions should be checked
define('WARN_INSTALL_EXISTENCE', 'true');
define('WARN_CONFIG_WRITEABLE', 'true');
define('WARN_SESSION_DIRECTORY_NOT_WRITEABLE', 'true');
define('WARN_SESSION_AUTO_START', 'true');
define('WARN_DOWNLOAD_DIRECTORY_NOT_READABLE', 'true');

In case you are not able to set your file to CHMOD 444, you can delete code from the header.php, however, this can present a security risk.

6-18-03, 11:41 PM

Please be careful removing the warning in the scripts. It is there because it is telling you that anybody with working knowledge of oscommerce can hack your website unless this file's permissions are set correctly.

I have had to contact powweb to have them chmod the file for me as it's not possible remotely. Once you have it set up the way you want it, please don't leave yourself vulnerable by not securing that file.

Regards
Scott

6-19-03, 07:55 AM

You can't CHMOD to 444, it will not let you. You are going to have to email tech support and have them do it.

6-19-03, 01:20 PM

<?php
chmod('includes/configure.php', 0444);
?>

--

If you don't know how to make this work, call PowWEB and let them do it for you.

My configure.php file is now read only.

the-rc-zone.com · 6-29-03, 06:09 AM

No need to call powweb

I edited configure.php by adding the code above the original code like this -

Quote:

<?php
chmod('includes/configure.php', 0444);
?><?php
/*
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright (c) 2003 osCom.....blah....blah....blah

6-11-03, 12:25 AM	#1
kev199 Posts: n/a	Error Message at top An error message at the top of my screen reads (everything works correctly though) Warning: I am able to write to the configuration file: /www/k/kringle/htdocs/store/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. What should I set the CHMOD to? Or is it something else?

6-19-03, 01:20 PM	#5
codewarrior Posts: n/a	CHMOD'ing your files <?php chmod('includes/configure.php', 0444); ?> -- If you don't know how to make this work, call PowWEB and let them do it for you. My configure.php file is now read only.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

6-11-03, 03:29 AM	#2
WenzlerPaul Posts: n/a	Try setting it up to CHMOD 444, reason for this is there is an error trap code at the top or bottom of the header.php that reads like this: // check if the configure.php file is writeable if (WARN_CONFIG_WRITEABLE == 'true') { if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) { tep_output_warning(WARNING_CONFIG_FILE_WRITEABLE); } } and it corresponds with the code from application_top.php mentioned below: // set which precautions should be checked define('WARN_INSTALL_EXISTENCE', 'true'); define('WARN_CONFIG_WRITEABLE', 'true'); define('WARN_SESSION_DIRECTORY_NOT_WRITEABLE', 'true'); define('WARN_SESSION_AUTO_START', 'true'); define('WARN_DOWNLOAD_DIRECTORY_NOT_READABLE', 'true'); In case you are not able to set your file to CHMOD 444, you can delete code from the header.php, however, this can present a security risk.

6-18-03, 11:41 PM	#3
SpoonFed Posts: n/a	Please be careful removing the warning in the scripts. It is there because it is telling you that anybody with working knowledge of oscommerce can hack your website unless this file's permissions are set correctly. I have had to contact powweb to have them chmod the file for me as it's not possible remotely. Once you have it set up the way you want it, please don't leave yourself vulnerable by not securing that file. Regards Scott

6-19-03, 07:55 AM	#4
candlenbath Posts: n/a	You can't CHMOD to 444, it will not let you. You are going to have to email tech support and have them do it.