  1. #1
    Join Date
    Apr 2007
    Posts
    48
    Plugin Contributions
    0

    Warning: I am able to write to the configuration file

    I have chmoded the file with FTP and with the control panel on the web server, and I even called my web hosting company and they have confirmed that the file is read only.

    Then why do I keep getting these errors:

    http://www.canadascrubs.com/catalog/

    Warning: I am able to write to the configuration file: /services/webpages/c/a/canadascrubs.com/public/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file (read-only, CHMOD 644 or 444 are typical). You may need to use your webhost control panel/file-manager to change the permissions effectively. Contact your webhost for assistance.

    Thank you in advance

  2. #2
    Join Date
    Apr 2007
    Posts
    48
    Plugin Contributions
    0

    Re: Warning: I am able to write to the configuration file

    Yes, it is two hours later and the file is still read only, so I have disabled the warning in the config file.... But I would like to know if anybody has found a solution to this yet?

    Thanks

  3. #3
    Join Date
    Apr 2007
    Posts
    48
    Plugin Contributions
    0

    Re: Warning: I am able to write to the configuration file

    Is this proof that the file is read only?

    http://www.canadascrubs.com/catalog/.../configure.php

    Forbidden

    You don't have permission to access /catalog/includes/configure.php on this server.


    Then I don't have to worry and I can leave the WARNING turned off?

    or regardless, because the shopping cart tells me that it can write to the config file, that I really have something to worry about..... ?????

  4. #4
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: Warning: I am able to write to the configuration file

    You can leave the warning off if you like.

    It's there to let you know that PHP is able to write to the file. That means that if a hacker running a PHP script on your webserver were to target that file, they could write changes to it, effectively shutting down your site.

    It's entirely up to you.

    If your host is certain that you're not at risk, then take their word for it, and expect their help if you get hacked for some reason.

    And, no, getting "forbidden" while trying to access the file from your browser is no proof of security.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Apr 2007
    Posts
    48
    Plugin Contributions
    0

    Re: Warning: I am able to write to the configuration file

    OK, I re-enabled the warning in the /public/catalog/includes/init_includes/init_header.php

    this is what I get:

    Warning: I am able to write to the configuration file: /services/webpages/c/a/canadascrubs.com/public/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file (read-only, CHMOD 644 or 444 are typical). You may need to use your webhost control panel/file-manager to change the permissions effectively. Contact your webhost for assistance.

    when I go to the file manager and check the file this is what I get:



    Also when I check by FTP, this is what I get:



    So what is right, the file or the script? Do I solve this by turning off the warning, or am I really missing something?

    please help

    thanks

  6. #6
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: Warning: I am able to write to the configuration file

    FTP and your File Manager are telling you that FTP and File Manager see them as read-only.

    Zen Cart is telling you that PHP sees the file as writable.


    This suggests that a PHP script could gain access and change the file.

    I'm not going to tell you that that's safe or not. You can take that up with your hosting company and decide whether you want to ignore the warning or not.

    Regardless of your choice, be sure to keep regular backups.

  7. #7
    Join Date
    Apr 2007
    Posts
    48
    Plugin Contributions
    0

    Re: Warning: I am able to write to the configuration file

    But why is it when I have the warning turned on and I follow this advice, everything is fine (my web server is an Apache web server on Linux and I am hosting with Bell Canada):

    move the configure.php to /includes/configure/configure.php
    change the path in the /includes/application_top.php now pointing to the configure.php location as above
    set read only permission to the /includes/configure folder

    This is from the Windows server forum, but it solves my problem...

    http://www.zen-cart.com/forum/showthread.php?t=58188

    Larry Hyman

  8. #8
    Join Date
    Nov 2004
    Location
    Norfolk, United Kingdom
    Posts
    3,036
    Plugin Contributions
    2

    Re: Warning: I am able to write to the configuration file

    Did you try using permissions of 400?

    Vger

  9. #9
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: Warning: I am able to write to the configuration file

    Larry,

    Moving the file to another folder may or may not protect it further.
    If that's what's required for your hosting arrangement in order to ensure safety and prevent the file from being vulnerable, then that's a solution for your setup.

    Naturally, since Zen Cart doesn't know about the new folder, it's not going to be checking permissions on that folder or the file in it. The absence of a warning message in this case should not be an indicator of safety/security.

  10. #10
    Join Date
    Apr 2007
    Posts
    48
    Plugin Contributions
    0

    Re: Warning: I am able to write to the configuration file

    I suspect this setup works because the folder containing the configuration file (by itself) is now read only.... anyways, I'm glad I was able to find a solution and that works for me.

    Thanks for all the help everybody
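
The two points raised in the replies above (FTP and PHP can disagree about writability, and moving the file only hides it from the built-in check) can be tested directly from PHP. This is an added example, not part of any post in the thread and not Zen Cart's own check; the function name `audit_config_file` and the path are assumptions, and the script must be requested through the web server so that it runs as the same user as the shop.

```php
<?php
// Added example, not Zen Cart code. Request it via the web server (not the
// CLI) so it executes with the same user id as the shop's PHP scripts.

/**
 * Report what the current PHP process can do to a config file.
 * 'risk' is true if the file can be changed in place, replaced through a
 * writable parent directory, or re-chmodded because PHP owns it.
 */
function audit_config_file(string $path): array
{
    clearstatcache(true, $path);
    if (!is_file($path)) {
        return ['path' => $path, 'exists' => false, 'risk' => false];
    }
    $mode  = fileperms($path) & 0777;
    $owner = fileowner($path);
    // posix_geteuid() needs the posix extension; report null without it.
    $euid  = function_exists('posix_geteuid') ? posix_geteuid() : null;

    $fileWritable = is_writable($path);          // effective access, not just mode bits
    $dirWritable  = is_writable(dirname($path)); // permits delete/rename and re-create
    // Mode 644 still grants write to the owner, and an owner can always chmod
    // a 444 or 400 file back to writable.
    $phpOwnsFile  = ($euid !== null && $euid === $owner);

    return [
        'path'           => $path,
        'exists'         => true,
        'mode'           => sprintf('%03o', $mode),
        'file_owner_uid' => $owner,
        'php_euid'       => $euid,
        'file_writable'  => $fileWritable,
        'dir_writable'   => $dirWritable,
        'php_owns_file'  => $phpOwnsFile,
        'risk'           => $fileWritable || $dirWritable || $phpOwnsFile,
    ];
}

// Hypothetical path: use the one shown in your own warning message, or the
// new location if the file has been moved.
$report = audit_config_file(__DIR__ . '/includes/configure.php');
header('Content-Type: text/plain');
foreach ($report as $key => $value) {
    echo str_pad($key, 16), var_export($value, true), "\n";
}
```

Delete the script from the server after reading the report, since it discloses file ownership details to anyone who requests it.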

 

 
