Pink Warning... several days after install

12-17-04, 09:31 PM

I set up osCommerce several days ago and got rid of the two pink warning messages by following a tutorial. Everything was fine for a few days, now all of a sudden one of the warnings is back.
Warning: I am able to write to the configuration file: ....../htdocs/store/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.
Can anyone tell me how it happened or what I might have done to cause it? Thanks.

stevel · 12-17-04, 10:02 PM

Well, the protection on that file changed. See the sticky topic in this section on how to reset the protection to 444. Did you replace the file?

12-17-04, 10:44 PM

No, I didn't... at least not intentionally. Anyway I re-read the Jade Dragon tutorial and re-followed her security instructions by re-running a PHP script called 'chmod.php' (that she provided) which sets protection to 0400, not 444 as you say above. Frankly I don't know the difference. To make a long story short, that did the trick, the pink message is gone. It still bothers me a little that something could have changed on its own but I'll write that off to "I must've messed something up." I'm not worried... yet. Everything in the store is fake at this point. Thanks for your reply.
PS. If you can explain the difference between 444 and 400, like which is "better" and why, I can change the chmod.php file to make it do whatever you tell me. I appreciate the help.

Jade Dragon · 12-18-04, 04:50 AM

444 = owner has read and write properties
400 = owner has read only properties.

I usually chose to lock all writing privilages off my config files when possible. Either way is still very much secure and just a matter of preference.

And yes, you can change that script to chmod to what ever number you want.

=)
Jade

redhunter · 12-27-04, 09:43 PM

Quote:

Originally Posted by Jade Dragon

444 = owner has read and write properties
400 = owner has read only properties.

That is not correct.

444 = owner, group and others have read only privilege
400 = owner has read only privilege

The difference is that with 444 anybody can read the file, and it has things in there that you don't want anyone to read, like your database password - hence the pink warning message.

Al

12-28-04, 07:29 AM

Wow... quite a difference... thanks for the correction

12-17-04, 09:31 PM	#1
vgrieco Posts: n/a	Pink Warning... several days after install I set up osCommerce several days ago and got rid of the two pink warning messages by following a tutorial. Everything was fine for a few days, now all of a sudden one of the warnings is back. Warning: I am able to write to the configuration file: ....../htdocs/store/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. Can anyone tell me how it happened or what I might have done to cause it? Thanks.

12-17-04, 10:02 PM	#2
stevel XPW Join Date: Jun 2002 Location: New Hampshire, USA Posts: 9,464 Reputation: 265	Well, the protection on that file changed. See the sticky topic in this section on how to reset the protection to 444. Did you replace the file? __________________ Steve

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

12-17-04, 10:44 PM	#3
vgrieco Posts: n/a	No, I didn't... at least not intentionally. Anyway I re-read the Jade Dragon tutorial and re-followed her security instructions by re-running a PHP script called 'chmod.php' (that she provided) which sets protection to 0400, not 444 as you say above. Frankly I don't know the difference. To make a long story short, that did the trick, the pink message is gone. It still bothers me a little that something could have changed on its own but I'll write that off to "I must've messed something up." I'm not worried... yet. Everything in the store is fake at this point. Thanks for your reply. PS. If you can explain the difference between 444 and 400, like which is "better" and why, I can change the chmod.php file to make it do whatever you tell me. I appreciate the help.

12-18-04, 04:50 AM	#4
Jade Dragon Join Date: Sep 2002 Location: Eä, Realm of Arda, Land of Middle-earth. Posts: 2,338 Reputation: 30	444 = owner has read and write properties 400 = owner has read only properties. I usually chose to lock all writing privilages off my config files when possible. Either way is still very much secure and just a matter of preference. And yes, you can change that script to chmod to what ever number you want. =) Jade

12-28-04, 07:29 AM	#6
vgrieco Posts: n/a	Wow... quite a difference... thanks for the correction