I noticed the lastest update i sstripping js, any fix?
I noticed the lastest update i sstripping js, any fix?
Greetings All,
I have read about the security issues associated with using 3rd party file upload plugins such as CKFinder and understand that ZC security doesn't allow access to the admin user's sessions to validate.
However, if I were to move the "editors" folder (along with CKFinder) under the renamed, htaccess protected "admin" folder, would that help add a layer of security?
I'm sure this has been though of, but haven't found any threads related to this question...
What do you think?
Using ZC v1.5.3 with latest CKEditor (4.4.0) plugin.
Thanks!
Experience is what you get when you don’t get what you want…
Well, can say this, if you have no intention of using CKEditor/CKFinder on the customer's side, then I'm thinking (and I make no claims that this is so) that it may be "safer". But, it seems there may be multiple locations in which a change would be necessary to allow this to work, some of which I think would require pointing to your admin folder... which well, that would reduce the safety that was just attempted to be increased. Currently there is nothing on the store side that actually points to the admin side and moving the folder location to the admin area and maintaining the general current coding would in fact expose the admin folder name unless there was a lot of rewriting performed to move the areas that use/call the code to an admin side only interface.
ZC Installation/Maintenance Support <- Site
Contribution for contributions welcome...
Thanks for your input mc12345678,
Editor will not be used by customer, so no issues there. I did a test run and moved the renamed the editors folder with CKEditor and CKFinder under the renamed admin folder. The 3 files that needed to be updated with the new folder locations are on the admin side (init_html_editor.php, ckeditor.php and header.php). So I should be good there. CKEditor and CKFinder seem to be working on localhost for now. Will need to upload to server to see how CKEditor and CKFinder will play with the htaccess protected admin folder.
I'll post back once I have tested!![]()
Experience is what you get when you don’t get what you want…
Zen cart installation / maintenance / customisation / hosting
Supported Modules: Dutch language pack, Multi site, Dynamic Price Updater and more.
I don't know.You may want to check the CKeditor site
Zen cart installation / maintenance / customisation / hosting
Supported Modules: Dutch language pack, Multi site, Dynamic Price Updater and more.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.