Thread: AllowOverride

Results 1 to 6 of 6
  1. #1
    Join Date
    Apr 2009
    Posts
    13
    Plugin Contributions
    0

    Default AllowOverride

    I've read a closed post several times about this issue. I understand there are security issues with not changing AllowOverride, however my host is adamant about leaving the default setting AllowOverride None.

    I've been using Zen-Cart 1.3.8 without any issues since 2/23/2009.

    Looks like the only way I can change this setting and upgrade is either find another host or purchase a dedicated server.

    We don't do enough business to afford that luxury.

    Will the upgrade work with AllowOverride None?
    If it works, is this so vulnerable I should consider other software?

    It's a shame because it works so well.

    Nick

  2. #2
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,108
    Plugin Contributions
    11

    Default Re: AllowOverride

    Quote Originally Posted by nick02895 View Post
    I've been using Zen-Cart 1.3.8 without any issues since 2/23/2009.
    1.3.8a is over five years old and extremely vulnerable to being hacked. You should upgrade to at least 1.3.9h or 1.5.0 (if you mode are compatible with .5.0) immediately.
    There are lots of places that host inexpensively and still allow you the option of customizing your .htaccess files. Without this ability, you'll have nothing but problems down the line.
    There is definitely no need to get a dedicated server, just a competent host.

  3. #3
    Join Date
    Apr 2009
    Posts
    13
    Plugin Contributions
    0

    Default Re: AllowOverride

    I did do the Security Patch v138 20090619 and the admin directory is very obscure.
    I looked for 1.3.9h but couldn't find it.
    I just changed hosts. Was a pretty big deal with all the domains I have. I'm just now getting to the shopping cart.
    Nick

  4. #4
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,108
    Plugin Contributions
    11

    Default Re: AllowOverride

    Even with what you have done, 1.3.8a should be dropped in the bit bucket.

    Here's the link for 1.3.9h

    Most decent hosts will transfer for you, and for free.

    If you are not involved with a lot of mods, now is a good time to go to 1.5.0.

  5. #5
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: AllowOverride

    Quote Originally Posted by nick02895 View Post
    I understand there are security issues with not changing AllowOverride, however my host is adamant about leaving the default setting AllowOverride None.
    Fine. Then get them to rework all the rules in the supplied .htaccess files so that they accommodate the same protections that changing AllowOverride would do for you.

    If they can't, then they're not taking security seriously ... and you should reconsider their suitability as a hosting company for your eCommerce stores.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    Jan 2007
    Location
    Los Angeles, California, United States
    Posts
    10,023
    Plugin Contributions
    32

    Default Re: AllowOverride

    Quote Originally Posted by nick02895 View Post
    Will the upgrade work with AllowOverride None?
    If it works, is this so vulnerable I should consider other software?
    Nope.. just a better host..
    My Site - Zen Cart & WordPress integration specialist
    I don't answer support questions via PM. Post add-on support questions in the support thread. The question & the answer will benefit others with similar issues.

 

 

Similar Threads

  1. AllowOverride restrictions
    By ellivir in forum Installing on a Linux/Unix Server
    Replies: 2
    Last Post: 21 Aug 2008, 03:43 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR