Warning: I am able to write to the configuration file (Printable Price List addon)

[Sawhorse]

[FONT=Arial]I now get the following message when I go to my 'Printable Price list” http://sawhorsejewelry.com/index.php?main_page=pricelist . I do not receive the message below on any other page.[/FONT]

Warning: I am able to write to the configuration file: [FONT=Arial]/YourStoresFolder[/FONT]/public_html/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

This never happened before I changed the following, which is a list of several steps you can take to secure your Zen Cart™ site.

1) I add the new security patch.

[FONT=Arial]2)[/FONT][FONT=Arial]I renamed my "/admin" folder [/FONT]

[FONT=Arial]a.[/FONT][FONT=Arial] I opened my admin/includes/configure.php, using a simple text editor like notepad. I change all instances of /admin/ to my chosen new admin folder-name.[/FONT]

[FONT=Arial]b.[/FONT][FONT=Arial] I found my Zen Cart /admin/ directory, using my FTP software and rename the directory to match the settings I just made in my admin/includes/configure.php.[/FONT]

[FONT=Arial]c.[/FONT][FONT=Arial]I did login to my new admin system using my new URL that matches the new name.[/FONT]

[FONT=Arial]3) [/FONT][FONT=Arial]I checked to see if my configure.php files were read-only (644) using my file manager supplied with my webhosting account. And all were 644.[/FONT]

[FONT=Arial]a.[/FONT][FONT=Arial]The configure.php files are located in:
/<YourStoresFolder>/includes/configure.php
/<YourStoresFolder>/admin/includes/configure.php[/FONT]

[FONT=Arial]Now that I have “secured” my site I get the above warning message. Is this a bug or do I have another problem?[/FONT]

[FONT=Arial]Sawhorse[/FONT]

[kobra]

Try setting to 444

[Sawhorse]

Try setting to 444

That works on [FONT=Arial]/<YourStoresFolder>/includes/configure.php[/FONT], but is there are reason why I need to now remove the user option to write? The other file [FONT=Arial]/<YourStoresFolder>/admin/includes/configure.php[/FONT] is a 644 and it not telling me there is a problem? Do you think the new patch has anything to do with this issue?

Sawhorse

[DrByte]

The new admin patch would have nothing to do with permissions warnings on configure.php files. It doesn't touch anything related to that.

As for one giving the warning and the other not, the admin side is less strict on displaying that warning. You should still make both files read-only. And if your hosting server's configuration requires 444 to make that possible, then ... well ... just do it.

[raymonster]

Ok this is probably a stupid question but WHERE IS THE FILE MANAGER!!! I am coming from oscommerce because I feel that this interface is much better but I can't find the file manager anywhere. Does zencart even have one? I can't get rid of the I am able to write to the configuration file because dreamweaver cs3 won't let me change the permissions. I'm guessing its because its out of dreamweavers hands now and has to be done through zencart. Please help me out here.

[DrByte]

Ok this is probably a stupid question but WHERE IS THE FILE MANAGER!!! I am coming from oscommerce because I feel that this interface is much better but I can't find the file manager anywhere. Does zencart even have one? I can't get rid of the I am able to write to the configuration file because dreamweaver cs3 won't let me change the permissions. I'm guessing its because its out of dreamweavers hands now and has to be done through zencart. Please help me out here.

Your question has been answered in your other *identical* post of the same question: http://www.zen-cart.com/forum/showth...800#post745800
Please refrain from cross-posting the same thing in multiple places, since that behavior creates unfinished conversations and makes more work for the people who volunteer their time to answer questions.

[Sawhorse]

The new admin patch would have nothing to do with permissions warnings on configure.php files. It doesn't touch anything related to that.

As for one giving the warning and the other not, the admin side is less strict on displaying that warning. You should still make both files read-only. And if your hosting server's configuration requires 444 to make that possible, then ... well ... just do it.

Well, I will change BOTH [FONT=Arial]configure.php [/FONT][FONT=Arial]files[/FONT] to 444.

It is interesting that before I made the security changes that both configure.php files were 644 and I had no notice (warning) of a problem. But, when I made the security changes I received the warning message. I just thought that was interesting.

Thanks again,

Sawhorse