Securing Zencart

[maraud]

The security guidelines suggest that the best way to secure Zencart is to store certain folders below the webroot.

I tried to do this and also change the admin/includes/configure.php file to reflect the right paths but ended up with some errors.

When i tried to reverse the process, i could not log into admin

My question is simply
- Which are the folders that should be put below the webroot? is that images, media and what else?

- Which files need to be updated to show thE path of the new folders? Is that admin/includes/configure.php only or also includes/configure.php too. And when this is done, which other file should be updated?

- Also, if the images folder is below the web root, does it present any problems for the admin area in being able to upload and manage images? Since the logic is that the folder is not accessble through the web root. How much might tranfered files affect teh admin area?

[kitcorsa]

i need to know this also

[EyefulTower]

i need to know this also

https://www.zen-cart.com/tutorials/i...hp?article=280

[Chuckl]

The security guidelines suggest that the best way to secure Zencart is to store certain folders below the webroot.

What security guidelines are these?
All of the Zen Cart folders are below the webroot by default. There is a recommendation that if you are selling downloadable products you should move the downloads folder and downloads outside the webroot, so they are not directly accessible from the website.

[gjh42]

By "below the webroot" they mean outside /public_html/ in the directory path... it's just a semantic ambiguity. Trees don't have branches and leaves "below" the roots, they are "above" the roots. Anything "below" the roots is hidden underground.