Still able to write to configure file!!!!!!

**bottleburner** · 31 Mar 2007, 01:58 AM

Warning: I am able to write to the configuration file: /services/webpages/s/p/public/Store/zen-cart-v1.3.7-full-fileset-/includes/configure.php. This is a potential security risk - please set the right user permissions on this file (read-only, CHMOD 644 or 444 are typical). You may need to use your webhost control panel/file-manager to change the permissions effectively. Contact your webhost for assistance.
I have set the right permissions to 644,444,and 400 on FTP and File manger and I have been in contact with my web host who says everything is good on there end check the Zen FAQ. Could this have anything to do with the fact that my public an secure are linked? How do I stop this from viewing?

**afo** · 31 Mar 2007, 04:26 AM

Check the permissions using your file manager. The change didn't take or Zen Cart wouldn't be warning you. Simply removing the message won't fix the security problem.

**DrByte** · 31 Mar 2007, 04:32 AM

If you're absolutely convinced that there is no security risk in leaving that file's permissions as-is, then you can turn off the warning by following this:
http://www.zen-cart.com/forum/showth...384#post341936

**bottleburner** · 31 Mar 2007, 02:03 PM

Hello,
I am not totally convinced. What I do know is that when I view or change the configure files in file manger on my web host it indicates whatever changes I make wether they be a 400, 444, 644, or 777. These changes are also aparent in file manager when I make the changes using FTP. Why is it that when I change admin/ includes/ cofigure to 400, 444, 644, or 777 this warning message does not show for that cofigure file. When I got rid of the zc_install file that warning message went away, but never did I see one for the admin/ includes/ configure.

**DrByte** · 1 Apr 2007, 06:07 AM

Originally Posted by bottleburner

but never did I see one for the admin/ includes/ configure.

Zen Cart only shows the warning on the store-front.
Right or wrong, it presently assumes that you'll set it properly because of the warning on the storefront and the documented instructions during and after installation.

The warning may be added to the admin as well in a future release.

**bottleburner** · 2 Apr 2007, 12:15 PM

Thanks for the info your post on ridding the message worked well and my host assured me that the sight is secure.

Thread: Still able to write to configure file!!!!!!

Thread Tools

Search Thread

Display

Hybrid View

Still able to write to configure file!!!!!!

Re: Still able to write to configure file!!!!!!

Re: Still able to write to configure file!!!!!!

Re: Still able to write to configure file!!!!!!

Re: Still able to write to configure file!!!!!!

Re: Still able to write to configure file!!!!!!

Similar Threads

Warning: I am able to write to the configuration file: /configure.php. help please

Posting Permissions