31
carpeweb
Re: Protector
  • 2007/4/9 16:59

  • carpeweb

  • Just popping in

  • Posts: 38

  • Since: 2002/9/12


I think all the Protector options for sanitising were already selected. I'm just stuck at this point. None of the installed modules seem to work.

I'm thinking of just starting over; is there a standard un-install procedure? I'm assuming that just deleting a folder under modules will not clean up the database.

Thanks,
Jim

32
Medic1
Re: Protector
  • 2007/4/9 20:48

  • Medic1

  • Just popping in

  • Posts: 44

  • Since: 2005/10/1


yes there is a uninstall in the admin / module section.

before you delete everything I'd see if these guys can help.
They helped me get mine right.

33
peterr
Re: Protector
  • 2007/4/10 13:23

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


I'm looking at the 'readme' for V3 of protector ..

Quote:

First, define XOOPS_TRUST_PATH into mainfile.php if you've never done it yet.

Copy html/modules/protector in the archive into your XOOPS_ROOT_PATH/modules/
Copy xoops_trust_path/modules/protector in the archive into your XOOPS_TRUST_PATH/modules/

Turn permission of XOOPS_TRUST_PATH/modules/protector/configs writable


Shouldn't all the files that show in the archive in 'xoops_trust_path/modules/protector' be in the path 'html/modules/protector' ??

That way, it follows XOOPS standards, and the Protector module is installed in the same heirarchy as other modules.

Confusing.

Peter
NO to the Microsoft Office format as an ISO standard.
Sign the petition

34
peterr
Re: Protector
  • 2007/4/10 13:39

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


It's okay, I just found and read the top part of this tip on XOOPS_TRUST_PATH

It goes parallel to the web root, so it can't be accessed by a browser.. okay.
NO to the Microsoft Office format as an ISO standard.
Sign the petition

35
Dave_L
Re: Protector
  • 2007/4/10 13:40

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


No, because XOOPS_TRUST_PATH should be located outside the web document root. Personally I would prefer a name other than "trust path", such as "non-html path" or non-htdocs path".

36
peterr
Re: Protector
  • 2007/4/10 13:48

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Hi Dave, I read down a bit further, terminology I guess. If this is 'web root' ..

/home/username/public_html/

and the TRUST' path idea is ..

/home/username/sometrustname/

yes, it's not below, or underneath web root, more like 'at the same level' of file structure.

I think you posted in response to my post, but before I modified the post. :)
NO to the Microsoft Office format as an ISO standard.
Sign the petition

37
Dave_L
Re: Protector
  • 2007/4/10 14:05

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


Quote:
I think you posted in response to my post, but before I modified the post. :)


Correct.

I prefer "outside"; "below" or "underneath" are ambiguous since their meaning depend on your point of view.

38
peterr
Re: Protector
  • 2007/7/5 14:16

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

vaughan wrote:
in your php.ini file you need to add:

register_globals = 0
allow_url_fopen = 0
session.use_only_cookies = 1


Vaughan, with using php.ini (when PHPSuexec is being used), it resides in the web root of course. Do you know what to add in .htaccess to stop people doing this:

http://example.com/php.ini
NO to the Microsoft Office format as an ISO standard.
Sign the petition

39
peterr
Re: Protector
  • 2007/7/6 6:55

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

peterr wrote:
Do you know what to add in .htaccess to stop people doing this:

http://example.com/php.ini


Will this do it ??

<Files php.ini>
        
Order deny,allow
        Deny from all
Files>



(I hope that Apache/PHP can still access it though).
NO to the Microsoft Office format as an ISO standard.
Sign the petition

40
peterr
Re: Protector
  • 2007/7/6 13:07

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

vaughan wrote:
in your php.ini file you need to add:

register_globals = 0
allow_url_fopen = 0
session.use_only_cookies = 1


session.use_only_cookies is optional but may give you a tiny bit more protection aswell..


Actually shouldn't the 3 'essentials' for protector , in php.ini be:

register_globals Off
allow_url_fopen 
0
session
.use_trans_sid 1
NO to the Microsoft Office format as an ISO standard.
Sign the petition

Login

Who's Online

339 user(s) are online (274 user(s) are browsing Support Forums)


Members: 0


Guests: 339


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits