config.php becomes writeable

[hedera]

We very recently installed ZenCart on a Windows hosting platform. After the install I got a flag that /includes/config.php was writeable on the ZenCart main page, so I asked the hosting vendor to reset the permissions (since they have a crummy control panel that won't let me do it). All was well, but about 2 weeks later I did some work in the admin back end, mostly setting configuration details (I'm still building the site), and yesterday I checked the store page and it said that /includes/config.php was writeable.

I'm not aware of having done anything to ZenCart that would affect that permission. I asked the vendor support team about it and they have no clue. What actions can a developer take, purely in the Admin interface, that would set /includes/config.php as writeable again? We can't afford to have that flag come up after we bring the site live, it'll scare the pants off the customers.

[DrByte]

There is nothing admin-side that allows you to change the permissions on your configure.php files. Any sudden changes with new warning messages about permissions are a result of something changing in the file's permissions or in the server's approach to handling permissions. Perhaps there was a PHP software or configuration change on your server.

FAQ on setting permissions:
https://www.zen-cart.com/tutorials/index.php?article=90

Here's how to suppress the warning if you believe the file is secure:
http://www.zen-cart.com/forum/showpo...63&postcount=8

[hedera]

Thanks for your response, DrByte, but I'm still concerned, because I didn't do one single thing which I knew would change that file permission. I briefly scanned your link on file permissions, which didn't surprise me (I've done admin work on both Windows and Solaris boxes). I guess this is just one more mark against the hosting company (which I didn't choose...).

Actually, I just had a thought. I'm using Microsoft Expression Web to manage this site on my local PC, and I republished the site. Could that have reset the file permission on config.php?? That would have to mean that the file was default writeable on my local PC and was then published that way to the server. If that's so I'll have to reset that file permission locally... Do you think that could be it?

[DrByte]

Actually, I just had a thought. I'm using Microsoft Expression Web to manage this site on my local PC, and I republished the site. Could that have reset the file permission on config.php?? That would have to mean that the file was default writeable on my local PC and was then published that way to the server. If that's so I'll have to reset that file permission locally... Do you think that could be it?

Not likely, but you could try it.

But *why* would you use a MS product to manage a PHP website? Dangerous territory.
Tread carefully there. MS has a long history of screwing things up when publishing PHP content. (and other stuff too, but I'll spare them that embarrassment this time)

[tlyczko]

There's nothing wrong with using MS products to manage PHP files, they are just text files, but one does have to learn about things like read-only etc. Forewarned is forearmed. :) tom