Re: Protector 3.0 [Module usage questions] - XOOPS Web Application System

1

Protector 3.0

2007/2/8 20:10
Anonymous
Posts: 0
Since:

Just stumbled across the new Protector 3.0 module from GIJoe's site.

I've downloaded it and am confused because inside the .zip archive there's two directories:

/html
/xoops_trust_path

Both seem to contain some similar files, although there's more in the /xoops_trust_path directory. Why the two directories and which am I supposed to upload to the server?

So, in a nutshell, what do I upload (and why the extra directory in the download)?
TIA

2

Re: Protector 3.0

2007/2/8 20:18
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

the new protector 3.00 release as a D3 module.

a D3 module needs XOOPS_TRUST_PATH plus XOOPS_ROOT_PATH
please read the instruction carefully.
Protector 3.0 Final

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

3

Re: Protector 3.0

2007/2/8 20:26
Anonymous
Posts: 0
Since:

Quote:

irmtfan wrote:
the new protector 3.00 release as a D3 module.

a D3 module needs XOOPS_TRUST_PATH plus XOOPS_ROOT_PATH
please read the instruction carefully.

Hmmm........ now I'm more confused

The instructions say:

Copy html/modules/protector in the archive into your XOOPS_ROOT_PATH/modules/

This I understand...... same as every other module

The instructions also say:

Copy xoops_trust_path/modules/protector in the archive into your XOOPS_TRUST_PATH/modules/

This is the bit that makes me want to exclaim "WTF?"

What is XOOPS_TRUST_PATH ? Never heard of this before and I suspect I'm not alone in this

4

Re: Protector 3.0

2007/2/8 20:26
McDonald
Home away from home
Posts: 1072
Since: 2005/8/15

The files in /html have to go to your modules dir.
Create a folder somewhere and copy the files from /xoops_trust_path in that.
Add the line

define('XOOPS_TRUST_PATH', 'path to folder');

to the file mainfile.php
The path to the folder is that of the folder you just have created.
Install Protector as any other module.
Add the 2 lines as mentioned on GIJOEs website to your mainfile.php.

5

Re: Protector 3.0

2007/2/8 20:29
Anonymous
Posts: 0
Since:

Thanks McD

Nice, clear instructions - thank you

Well, almost clear......

"path to folder" - is that from the website root directory or do I need to include that in the path?

6

Re: Protector 3.0

2007/2/8 20:49
Bender
Home away from home
Posts: 1899
Since: 2003/3/10

Same way as XOOPS root path is defined just pointing to a folder outside your webroot folder.

Since the idea is to make it impossible to access that folder by http://www.yourdomain.com/foldername.

Somethings that will be used also in future XOOPS versions with a slightly different implementation putting stuff outside of what is accessible through your domain name.

Sorry, this signature is experiencing technical difficulties. We will return you to the sheduled signature as soon as possible ...

7

Re: Protector 3.0

2007/2/8 20:59
wodnick
Just popping in
Posts: 32
Since: 2006/12/30

Hi there!

Quote:

Create a folder somewhere and copy the files from /xoops_trust_path in that.

It's true, but not "somewhere".
Basic idea of XOOPS_TRUST_PATH is described on this page:
http://xoops-tips.com/news-article.storyid-108.htm

"XOOPS_TRUST_PATH was introduced by GIJOE (based on minahito’s idea as GIJOE credited). The idea and/or concept of XOOPS_TRUST_PATH is to secure a XOOPS module by moving all of the module’s PHP files out of web root or DOCUMENT_ROOT.

In doing so, modules could not be easily tempered by potential crackers, especially if the module has private files included under the document root."

[...]

"To use XOOPS_TRUST_PATH, you must edit mainfile.php to add a constant defining XOOPS_TRUST_PATH location.

The location should be out of your document root to take advantage of the secure feature.

If your XOOPS web root is
/home/yourname/public_html

Then you should create a directory under /home/yourname, parallel to public_html (NOT UNDER it, otherwise it will defeat the whole security purpose of moving files out of the web root)."

Best regards,
wodnick

========
Pozycjonowanie

8

Re: Protector 3.0

2007/2/9 5:41
gestroud
Home away from home
Posts: 1538
Since: 2004/12/22

I mess up installing this module and editing mainfile.php 1 out of every 10 times I do it. I see a distinct possibility that the number is going to increase.

I pretty much understand the concept of creating a directory outside of public_html, but what happens when:

1. there are more than one sites involved on the server

2. the directory structure doesn't use public_html? For example, what if your FTP program shows the server structure is basically empty and the root is just /:

/
site1
site2
site3
etc...
log

also,

3. Should a separate directory be created with individual subdirectories for the respective /xoops_trust_paths for each site and the xoops_trust_path/modules/protector be uploaded there?

4. Should the existing modules from each site be moved to the new subdirectories to take advantage of the security feature?

Sorry for so many questions, I just don't want to mess this up any more than I usually do.

gestroud

9

Re: Protector 3.0

2007/2/9 9:53
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

you confuse a simple method, gestroud

as long as you define a XOOPS_TRUST_PATH in your mainfile.php you should have a XOOPS_TRUST_PATH directory somewhere ( or if you like somewhere outside wwwroot)

number of mainfiles ( for more than one site) is not matter at all.

personally i create 1 XOOPS_TRUST_PATH for 2 site ( one is the main and the other is a subdomain) in my server.

but you can create individual XOOPS_TRUST_PATH directory for each site:
mainfile.php in site1:
define('XOOPS_TRUST_PATH', 'path to folder for site1');
mainfile.php in site2:
define('XOOPS_TRUST_PATH', 'path to folder for site2');

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

10

Re: Protector 3.0

2007/2/9 13:49
gestroud
Home away from home
Posts: 1538
Since: 2004/12/22

Simplicity, like beauty, is in the eye of the beholder.

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Protector 3.0

Re: Protector 3.0

Re: Protector 3.0

Re: Protector 3.0

Re: Protector 3.0

Re: Protector 3.0

Re: Protector 3.0

Re: Protector 3.0

Re: Protector 3.0

Re: Protector 3.0

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}