Author Topic: Installing Extensions leaves folders AND files 777 permissions  (Read 1288 times)

Offline kavlito

  • Newbie
  • *
  • Posts: 20
  • Karma: +4/-0
    • View Profile
I am new to Abantecart, and am a little troubled by what I discovered.

Every Extension that I have installed so far, paid or free, has set all of the folders AND files permissions to 777.

That is very frightening from a security standpoint as the .php & .tpl files are openly writable, is it not?

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4255
  • Karma: +279/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Installing Extensions leaves folders AND files 777 permissions
« Reply #1 on: May 10, 2020, 08:19:48 AM »
You need to change extension directories after you install extension to 644 or you can add more restrictions in .httaccess or web server level.
Please  rate your experience or leave your review
We need your help to build better free open source ecommerce platform for everyone. See how you can help

Offline yonghan79

  • Newbie
  • *
  • Posts: 18
  • Karma: +11/-0
    • View Profile
Re: Installing Extensions leaves folders AND files 777 permissions
« Reply #2 on: May 10, 2020, 11:43:26 AM »
Hi,

Today I tried several ways of installing one of our extensions, AddThis in AbanteCart v1.2.15. 
The originating files are set to 0644 and the folders are set to 0755.
1. Installing via FTP with our original files from our development the files remain set to 0644 and folders to 0755.
2. Installed via Extensions Upload (after downloading the files to a PC from MarketPlace) the files remain set to 0644 and folders to 0755.
3. Installing via a key the files and the folders are set to 0777.
« Last Edit: May 10, 2020, 11:48:09 AM by yonghan79 »

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4255
  • Karma: +279/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Installing Extensions leaves folders AND files 777 permissions
« Reply #3 on: May 12, 2020, 10:19:16 PM »
To keep your directories/files secure, you need to set all directories/files in extensions directory to 644. 

For web or key based installation all depends on your server/OS user setup. If user of web application is the same as the application user, than permission do not have to be 777.
Please  rate your experience or leave your review
We need your help to build better free open source ecommerce platform for everyone. See how you can help

 

Powered by SMFPacks Social Login Mod