Printable View
I'm positive that no one has made any statements like this at all.. Youare free to jump to your own conclusions though..
as for the permissions "issue" with the bmz_cache.. This is leftover text from the original IH2 readme text.. It's a typo error I'm sure since as Clyde has pointed out (and I concur) setting permissions to 775 works just fine.. when we address the reported watermarking issue the readme will be updated..Posted via Mobile DeviceQuote:
Originally Posted by Shane78
I think this section from the readme doc might be a source of confusion.Quote:
Originally Posted by DivaVocals
Quote:
Other trouble shooting tips
Set permissions in your images and bmz_cache folder to 777 (they need to be the same, in some cases 755 also works).
what about the folders in BMZcache... does it matter that those are 777?
does it matter that the images within these folders, and the images IH2 creates in the Large and Medium folder are at 666
In the ZC FAQ: On Linux/Unix hosts, generally, permission-setting recommendations for basic security are:
* folders/directories: 755
* files: 644
also
Additional Security for Folders having 777 permissions:
For any directory that requires permissions of 777 or, for their own reasons, one wants to have permission of 777 the following should be put within an .htaccess file used for that directory.
these 777 folders within BMZcache aint got no .htaccess
so whats the craic?
is IH2 safe, unsafe or does no body fully know?
Nothing to not trust..simply put you are looking for a feature that Image Handler does not offer.. (hover on large images) as for the so-called security issue.. there is none as Clyde and I and PLENTY of of IH2 users will tell you setting you image cache folder to 775 works just fine.. the readme will reflect as such the next release..Posted via Mobile DeviceQuote:
Originally Posted by r1formetoo
I agree.. and not an issue at all I'll update when we sort out the watermarking on additional images issue..
Posted via Mobile DeviceQuote:
Originally Posted by clydejones
so called?... see my post above...Quote:
Originally Posted by DivaVocals
im trying to get someone who knows to say
safe
unsafe
dont know
im not a security expert nor are you DV, but the ZC docs state any 777 folder and 666 files opens a risk.. folders and images IH2 creates are at 777 and 666... even tho they are in a 755 folder...
im simply curious... and a straight answer would stop this.. personally id think a 777 inside a 755 is still a risk...?
and a lack of recomended .htaccess files for 777?...
and another thing... lol
i have tried search the web to find the answer.. but cant.. but i did find a thread on word press of some dude that had 8 sites closed by his host for having 777 folders inside 744 folders...
so it must not be that great
"are chmod 777 folder inside chmod 755 safe?"
third link
you'll be please to know im now off outto get drunk.. so the next 15 hrs will be Shame78 free :P
wheres vger.. she'd know?.. maybe
I just checked my bmz_cache folder (set to 755)Quote:
Originally Posted by Shane78
All the folders (0 - f) within that folder are also set to 755 and the files within these folders are set to 644.
Not a security expert but I understand folder permissions and IH2.. So here's a straight answer which ckosloff JUST confirmed for me from examining his own store and I've confirmed by examining several Zen Cart sites I've created..
Hopefully Clyde nigel, angel and others who post here will also chime in and confirm the same..
If you set your bmz_cache folder to 755, all the folders IH2 creates within those folders will inheirit their permissions from the parent folder (bmz_cache).. I am not aware of anything in the IH2 code which explicitly sets the folders inside the bmz_cache folder to 777.. (as you seem to be implying the module does)
Posted via Mobile DeviceQuote:
Originally Posted by Shane78
It's not a security issue unique to IH2. The same principles apply to any and all files/folders, including ZC core and addons.Quote:
Originally Posted by Shane78
Explained in a reply to your other post on the matter: http://www.zen-cart.com/forum/showthread.php?t=159994