1
Anonymous
Protector 3.0
  • 2007/2/8 20:10

  • Anonymous

  • Posts: 0

  • Since:


Just stumbled across the new Protector 3.0 module from GIJoe's site.

I've downloaded it and am confused because inside the .zip archive there's two directories:

/html
/xoops_trust_path

Both seem to contain some similar files, although there's more in the /xoops_trust_path directory. Why the two directories and which am I supposed to upload to the server?

So, in a nutshell, what do I upload (and why the extra directory in the download)?
TIA

2
irmtfan
Re: Protector 3.0
  • 2007/2/8 20:18

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


the new protector 3.00 release as a D3 module.

a D3 module needs XOOPS_TRUST_PATH plus XOOPS_ROOT_PATH
please read the instruction carefully.
Protector 3.0 Final

3
Anonymous
Re: Protector 3.0
  • 2007/2/8 20:26

  • Anonymous

  • Posts: 0

  • Since:


Quote:
irmtfan wrote:
the new protector 3.00 release as a D3 module.

a D3 module needs XOOPS_TRUST_PATH plus XOOPS_ROOT_PATH
please read the instruction carefully.


Hmmm........ now I'm more confused

The instructions say:

Copy html/modules/protector in the archive into your XOOPS_ROOT_PATH/modules/

This I understand...... same as every other module

The instructions also say:

Copy xoops_trust_path/modules/protector in the archive into your XOOPS_TRUST_PATH/modules/

This is the bit that makes me want to exclaim "WTF?"

What is XOOPS_TRUST_PATH ? Never heard of this before and I suspect I'm not alone in this

4
McDonald
Re: Protector 3.0
  • 2007/2/8 20:26

  • McDonald

  • Home away from home

  • Posts: 1072

  • Since: 2005/8/15


The files in /html have to go to your modules dir.
Create a folder somewhere and copy the files from /xoops_trust_path in that.
Add the line
define('XOOPS_TRUST_PATH''path to folder');
to the file mainfile.php
The path to the folder is that of the folder you just have created.
Install Protector as any other module.
Add the 2 lines as mentioned on GIJOEs website to your mainfile.php.

5
Anonymous
Re: Protector 3.0
  • 2007/2/8 20:29

  • Anonymous

  • Posts: 0

  • Since:


Thanks McD

Nice, clear instructions - thank you

Well, almost clear......

"path to folder" - is that from the website root directory or do I need to include that in the path?

6
Bender
Re: Protector 3.0
  • 2007/2/8 20:49

  • Bender

  • Home away from home

  • Posts: 1899

  • Since: 2003/3/10


Same way as XOOPS root path is defined just pointing to a folder outside your webroot folder.

Since the idea is to make it impossible to access that folder by http://www.yourdomain.com/foldername.

Somethings that will be used also in future XOOPS versions with a slightly different implementation putting stuff outside of what is accessible through your domain name.
Sorry, this signature is experiencing technical difficulties. We will return you to the sheduled signature as soon as possible ...

7
wodnick
Re: Protector 3.0
  • 2007/2/8 20:59

  • wodnick

  • Just popping in

  • Posts: 32

  • Since: 2006/12/30


Hi there!

Quote:

Create a folder somewhere and copy the files from /xoops_trust_path in that.


It's true, but not "somewhere".
Basic idea of XOOPS_TRUST_PATH is described on this page:
http://xoops-tips.com/news-article.storyid-108.htm

"XOOPS_TRUST_PATH was introduced by GIJOE (based on minahito’s idea as GIJOE credited). The idea and/or concept of XOOPS_TRUST_PATH is to secure a XOOPS module by moving all of the module’s PHP files out of web root or DOCUMENT_ROOT.

In doing so, modules could not be easily tempered by potential crackers, especially if the module has private files included under the document root."

[...]

"To use XOOPS_TRUST_PATH, you must edit mainfile.php to add a constant defining XOOPS_TRUST_PATH location.

The location should be out of your document root to take advantage of the secure feature.

If your XOOPS web root is
/home/yourname/public_html

Then you should create a directory under /home/yourname, parallel to public_html (NOT UNDER it, otherwise it will defeat the whole security purpose of moving files out of the web root)."

Best regards,
wodnick
========
Pozycjonowanie

8
gestroud
Re: Protector 3.0
  • 2007/2/9 5:41

  • gestroud

  • Home away from home

  • Posts: 1538

  • Since: 2004/12/22


I mess up installing this module and editing mainfile.php 1 out of every 10 times I do it. I see a distinct possibility that the number is going to increase.

I pretty much understand the concept of creating a directory outside of public_html, but what happens when:

1. there are more than one sites involved on the server

2. the directory structure doesn't use public_html? For example, what if your FTP program shows the server structure is basically empty and the root is just /:

/
site1
site2
site3
etc...
log

also,

3. Should a separate directory be created with individual subdirectories for the respective /xoops_trust_paths for each site and the xoops_trust_path/modules/protector be uploaded there?

4. Should the existing modules from each site be moved to the new subdirectories to take advantage of the security feature?

Sorry for so many questions, I just don't want to mess this up any more than I usually do.

gestroud

9
irmtfan
Re: Protector 3.0
  • 2007/2/9 9:53

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


you confuse a simple method, gestroud

as long as you define a XOOPS_TRUST_PATH in your mainfile.php you should have a XOOPS_TRUST_PATH directory somewhere ( or if you like somewhere outside wwwroot)

number of mainfiles ( for more than one site) is not matter at all.

personally i create 1 XOOPS_TRUST_PATH for 2 site ( one is the main and the other is a subdomain) in my server.

but you can create individual XOOPS_TRUST_PATH directory for each site:
mainfile.php in site1:
define('XOOPS_TRUST_PATH', 'path to folder for site1');
mainfile.php in site2:
define('XOOPS_TRUST_PATH', 'path to folder for site2');

10
gestroud
Re: Protector 3.0
  • 2007/2/9 13:49

  • gestroud

  • Home away from home

  • Posts: 1538

  • Since: 2004/12/22


Simplicity, like beauty, is in the eye of the beholder.

Login

Who's Online

410 user(s) are online (288 user(s) are browsing Support Forums)


Members: 0


Guests: 410


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits