Shopping Cart Operations > Security

Installing Extensions leaves folders AND files 777 permissions


I am new to Abantecart, and am a little troubled by what I discovered.

Every Extension that I have installed so far, paid or free, has set all of the folders AND files permissions to 777.

That is very frightening from a security standpoint as the .php & .tpl files are openly writable, is it not?

You need to change extension directories after you install extension to 644 or you can add more restrictions in .httaccess or web server level.


Today I tried several ways of installing one of our extensions, AddThis in AbanteCart v1.2.15. 
The originating files are set to 0644 and the folders are set to 0755.
1. Installing via FTP with our original files from our development the files remain set to 0644 and folders to 0755.
2. Installed via Extensions Upload (after downloading the files to a PC from MarketPlace) the files remain set to 0644 and folders to 0755.
3. Installing via a key the files and the folders are set to 0777.

To keep your directories/files secure, you need to set all directories/files in extensions directory to 644. 

For web or key based installation all depends on your server/OS user setup. If user of web application is the same as the application user, than permission do not have to be 777.


[0] Message Index

Go to full version
Powered by SMFPacks Social Login Mod