Image Handler 2 (for ZC v1.3.8 ONLY) Support

[DivaVocals]

I'm positive that no one has made any statements like this at all.. Youare free to jump to your own conclusions though..

as for the permissions "issue" with the bmz_cache.. This is leftover text from the original IH2 readme text.. It's a typo error I'm sure since as Clyde has pointed out (and I concur) setting permissions to 775 works just fine.. when we address the reported watermarking issue the readme will be updated..

hmmm.. no interest in fixing the random additional images watermark 'hit and miss' problem... so i guess the development of this mod is dead then... ethics must have now gone out the window.

I must make a note of that in the 139 list of working 138 mods on next update, including the 777 chmod security risk IH2 may open people up to.

Posted via Mobile Device

[clydejones]

**nods in agreement** EVERY install of IH2 I've ever done I have the exact same settings..

Posted via Mobile Device

I think this section from the readme doc might be a source of confusion.

Other trouble shooting tips

Set permissions in your images and bmz_cache folder to 777 (they need to be the same, in some cases 755 also works).

[Shane78]

what about the folders in BMZcache... does it matter that those are 777?

does it matter that the images within these folders, and the images IH2 creates in the Large and Medium folder are at 666

In the ZC FAQ: On Linux/Unix hosts, generally, permission-setting recommendations for basic security are:

* folders/directories: 755
* files: 644


also

Additional Security for Folders having 777 permissions:

For any directory that requires permissions of 777 or, for their own reasons, one wants to have permission of 777 the following should be put within an .htaccess file used for that directory.

these 777 folders within BMZcache aint got no .htaccess

so whats the craic?

is IH2 safe, unsafe or does no body fully know?

[DivaVocals]

Nothing to not trust..simply put you are looking for a feature that Image Handler does not offer.. (hover on large images) as for the so-called security issue.. there is none as Clyde and I and PLENTY of of IH2 users will tell you setting you image cache folder to 775 works just fine.. the readme will reflect as such the next release..

Interesting. Now I don't know if I should trust this mod and use it or pay for Magic Tools....... I really like the idea of not having to go create extra images for large pictures and thumbnails and so on but I also haven't seen IH2's working mouse over zoom feature either......

Ian

Posted via Mobile Device

[DivaVocals]

I agree.. and not an issue at all I'll update when we sort out the watermarking on additional images issue..

I think this section from the readme doc might be a source of confusion.

Posted via Mobile Device

[Shane78]

Nothing to not trust..simply put you are looking for a feature that Image Handler does not offer.. (hover on large images) as for the so-called security issue.. there is none as Clyde and I and PLENTY of of IH2 users will tell you setting you image cache folder to 775 works just fine.. thereadme will relect as such the next release..
Posted via Mobile Device

so called?... see my post above...

im trying to get someone who knows to say

safe
unsafe
dont know

im not a security expert nor are you DV, but the ZC docs state any 777 folder and 666 files opens a risk.. folders and images IH2 creates are at 777 and 666... even tho they are in a 755 folder...

im simply curious... and a straight answer would stop this.. personally id think a 777 inside a 755 is still a risk...?
and a lack of recomended .htaccess files for 777?...

[Shane78]

and another thing... lol

i have tried search the web to find the answer.. but cant.. but i did find a thread on word press of some dude that had 8 sites closed by his host for having 777 folders inside 744 folders...

so it must not be that great

google
"are chmod 777 folder inside chmod 755 safe?"

third link

you'll be please to know im now off outto get drunk.. so the next 15 hrs will be Shame78 free

wheres vger.. she'd know?.. maybe

[clydejones]

so called?... see my post above...

im trying to get someone who knows to say

safe
unsafe
dont know

im not a security expert nor are you DV, but the ZC docs state any 777 folder and 666 files opens a risk.. folders and images IH2 creates are at 777 and 666... even tho they are in a 755 folder...

im simply curious... and a straight answer would stop this.. personally id think a 777 inside a 755 is still a risk...?
and a lack of recomended .htaccess files for 777?...

I just checked my bmz_cache folder (set to 755)
All the folders (0 - f) within that folder are also set to 755 and the files within these folders are set to 644.

[DivaVocals]

Not a security expert but I understand folder permissions and IH2.. So here's a straight answer which ckosloff JUST confirmed for me from examining his own store and I've confirmed by examining several Zen Cart sites I've created..

Hopefully Clyde nigel, angel and others who post here will also chime in and confirm the same..

If you set your bmz_cache folder to 755, all the folders IH2 creates within those folders will inheirit their permissions from the parent folder (bmz_cache).. I am not aware of anything in the IH2 code which explicitly sets the folders inside the bmz_cache folder to 777.. (as you seem to be implying the module does)

so called?... see my post above...

im trying to get someone who knows to say

safe
unsafe
dont know

im not a security expert nor are you DV, but the ZC docs state any 777 folder and 666 files opens a risk.. folders and images IH2 creates are at 777 and 666... even tho they are in a 755 folder...

im simply curious... and a straight answer would stop this.. personally id think a 777 inside a 755 is still a risk...?
and a lack of recomended .htaccess files for 777?...

Posted via Mobile Device

[DrByte]

... including the 777 chmod security risk IH2 may open people up to.

It's not a security issue unique to IH2. The same principles apply to any and all files/folders, including ZC core and addons.
Explained in a reply to your other post on the matter: http://www.zen-cart.com/forum/showthread.php?t=159994