PEAK XOOPS - mainfile.php Not Secure ??? 
mainfile.php Not Secure ???
- You cannot open a new topic into this forum
- Guests cannot post into this forum
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2005/3/25 21:58
pmhoran
From: Prince Edward Island, Canada , Canada
Posts: 52
From: Prince Edward Island, Canada , Canada
Posts: 52
'mainfile.php' : unpatched Not secure
Xoops Protector can protect your site under limited conditions as long as it is called from mainfile.php.
You should edit your mainfile.php like written in README.
I read the README and modified the mainfile as indicated.
But ... due to security issues (I do not like all that info uncoded in a file in my public_html file ... so I moved the "real" mainfile.php into a secure folder in the root directory and changed the public_html/mainfile.php to read
<?php
include("/home/myroot/mysecurefile/mainfile.php");
?>
But even though my mainfile.php IS secure ... Protector does not recognize it as being secure.
Anyway of changing that in future versions???
Thanks
Peter
Xoops Protector can protect your site under limited conditions as long as it is called from mainfile.php.
You should edit your mainfile.php like written in README.
I read the README and modified the mainfile as indicated.
But ... due to security issues (I do not like all that info uncoded in a file in my public_html file ... so I moved the "real" mainfile.php into a secure folder in the root directory and changed the public_html/mainfile.php to read
<?php
include("/home/myroot/mysecurefile/mainfile.php");
?>
But even though my mainfile.php IS secure ... Protector does not recognize it as being secure.
Anyway of changing that in future versions???
Thanks
Peter
Votes:0
Average:0.00
Dave_L
From: Virginia, USA
Posts: 35
From: Virginia, USA
Posts: 35
This is how Protector 2.38 performs those checks in modules/protector/admin/advisory.php:
Maybe a better way would be to call the function get_included_files and see if those two files were included. .
// patch to mainfile.php
echo "<dl><dt>'mainfile.php' : " ;
$lines = file( '../../../mainfile.php' ) ;
$pre_safe = false ;
$post_safe = false ;
foreach( $lines as $line ) {
if( preg_match( '?modules/protector/include/precheck.inc.php?' , $line ) ) $pre_safe = true ;
if( preg_match( '?modules/protector/include/postcheck.inc.php?' , $line ) ) $post_safe = true ;
}
Maybe a better way would be to call the function get_included_files and see if those two files were included. .
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
hi Dave & Peter!
It's just my omission
Though get_included_files() looks good, I'll use easier way like just defining some constants.
I'll modify it soon.
It's just my omission
Though get_included_files() looks good, I'll use easier way like just defining some constants.
I'll modify it soon.
Votes:0
Average:0.00
satanas
Posts: 14
Posts: 14
Hi all,
There is another way to protect the mainfie.php is to extract the critical values and put them into a protected directory out of the apache directoy.
Here is the article explaining it and in that case the protector module is working..
there is the link
regards
There is another way to protect the mainfie.php is to extract the critical values and put them into a protected directory out of the apache directoy.
Here is the article explaining it and in that case the protector module is working..
there is the link
regards
Votes:0
Average:0.00
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2005/3/31 7:45
GIJOE
Posts: 4110
Posts: 4110
hi satanas.
It looks a better way.
It might be useful under the environment httpd set wrongly.
Anyway, removing mainfile.php to another place means that I should modify the advisory of Protector right now
It looks a better way.
It might be useful under the environment httpd set wrongly.
Anyway, removing mainfile.php to another place means that I should modify the advisory of Protector right now
Votes:0
Average:0.00
Login