xoops forums

layton56

Just popping in
Posted on: 2012/4/23 3:35
layton56
layton56 (Show more)
Just popping in
Posts: 2
Since: 2012/4/3 1
#1

xoops_lib & xoops_data

Hi there. My first installation.
I have got all the way through install, at one point I was advised to rename xoops_lib & xoops_data and remove them from the root. So I created a new folder, moved the two dirs into it and renamed them. This stopped the installation in its tracks so I had to put them back. Now I am in the admin panel, the warnings are there to move the dirs? I have no Idea where to? Having redone my original shuffle, I get an error page. So they now sit in their original positions as per the upload.
Help would be great.
Cheers
Layton

ccm1121

Just popping in
Posted on: 2012/4/23 4:36
ccm1121
ccm1121 (Show more)
Just popping in
Posts: 4
Since: 2009/12/15
#2

Re: xoops_lib & xoops_data

Hi,

Just remove the two folders out of the root & update the new path in the mainfile.php.

Mamba

Moderator
Posted on: 2012/4/23 4:40
Mamba
Mamba (Show more)
Moderator
Posts: 10779
Since: 2004/4/23
#3

Re: xoops_lib & xoops_data

Please read the Installation Guide
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

deka87

Friend of XOOPS
Posted on: 2012/4/23 4:49
deka87
deka87 (Show more)
Friend of XOOPS
Posts: 1124
Since: 2007/10/5
#4

Re: xoops_lib & xoops_data

If your xoops_data and xoops_lib now locate at say /home/www/xoops_data and /home/www/xoops_lib you've got to move them to e.g. /home/xoops_data and /home/xoops_lib or /xoops_data and /xoops_lib and correct the paths in the mainfile.php (change the attributes to 777 when you do so, and change it back to 444 when it's finished, otherwise you will get another warnign message).
Mind anchors

DCrussader

Friend of XOOPS
Posted on: 2012/4/23 11:55
DCrussader
DCrussader (Show more)
Friend of XOOPS
Posts: 573
Since: 2005/7/4 7
#5

Re: xoops_lib & xoops_data

Quote:

Just remove the two folders out of the root & update the new path in the mainfile.php.


This is NOT required, XOOPS is the most secure CMS core this days. XOOPS_LIB/_DATA ca can remain in the root folder (and I can make u one XOOPS in that way, so everyone willing to hack it, to hack it), even u don't need to install Xorify and/or Protector. None of this 3 steps are required for playing with it. Those changes was made bcz of some paranoid site administrators with the buggiest ever 2.3.x core.

If u check current releases of all modules, you will see that no one of those modules from the forums Blue-Move or testing area (by Wishcraft and others uses this "most secure" way by placing important parts of the modules in /xoops_lib like protector.

Edit: Noticed that you're post in 2.3.x area.... this is the worst way of trying XOOPS, always use latest, and this areas 2.3.x/2.4.x/2.0.x should be locked and moved to archive. 2.0/2.2 Mithrandir/2.3/2.4 don't exists anymore, there are no modules for them, no one writes patches for them, no one maintain them with bug-fix releases, security holes patches....
May The Source Be With You!

Peekay

XOOPS is my life!
Posted on: 2012/4/23 12:45
Peekay
Peekay (Show more)
XOOPS is my life!
Posts: 2335
Since: 2004/11/20
#6

Re: xoops_lib & xoops_data

Quote:

DCrussader wrote:

This is NOT required, XOOPS is the most secure CMS core this days. XOOPS_LIB/_DATA ca can remain in the root folder....


+1

I have whinged about the wording of these 'warnings' before. They make Xoops look insecure and will have caused many new users to abandon Xoops before they even try it. There are many shared hosting providers who simply do not allow folders outside the site root.
A thread is for life. Not just for Christmas.

Anonymous

Posted on: 2012/4/23 13:52
Anonymous
Anonymous (Show more)
Posts: 0
Since:
#7

Re: xoops_lib & xoops_data

Quote:
DCrussader wrote:

This is NOT required, XOOPS is the most secure CMS core this days. XOOPS_LIB/_DATA ca can remain in the root folder....


A cms is save until a new flaw is detected... So why compromise security by not taking all safety measures you can use?

Quote:
Peekay wrote: I have whinged about the wording of these 'warnings' before. They make Xoops look insecure and will have caused many new users to abandon Xoops before they even try it.


But what if not warning users would lead to many compromised xoops sites? I guess this would be more harmfull for xoops then a few users not using it by lack of knowledge.

I agree with you both this warnings could use some extra explanation in the install script or on the main admin page. And be clear about what are the risks when ignoring them.

Dante7237

Friend of XOOPS
Posted on: 2012/4/23 14:11
Dante7237
Dante7237 (Show more)
Friend of XOOPS
Posts: 288
Since: 2008/5/28
#8

Re: xoops_lib & xoops_data

Move the folders out of root. Like Flipse said there's no reason not to.
More troubling than the presentation of info re: the "Trust Path" is the lack of insistence that people adjust the php.ini files correctly.

Doesn't matter where you locate the trust path if folks are able to traverse directories due to a php.ini oversight.

There's also a great example of an .htaccess file here somewhere that should come stock with the cms package.

Its always that 1 thing you overlook, or deem not required that will be the thing that gets exploited..

And yes, XOOPS is the most secure cms I've found. That doesn't mean anyone should get lazy about doing all the right things..
The more I know, the more I know that I really didn't wanna know.

Peekay

XOOPS is my life!
Posted on: 2012/4/23 14:34
Peekay
Peekay (Show more)
XOOPS is my life!
Posts: 2335
Since: 2004/11/20
#9

Re: xoops_lib & xoops_data

Quote:

Dante7237 wrote:
Move the folders out of root. Like Flipse said there's no reason not to.


There is a reason. Many of the low-price, shared-hosting services used by charities and community groups don't allow it.

GoDaddy for example.

These organisations can't always afford to 'get a better hosting package'.
A thread is for life. Not just for Christmas.

Dante7237

Friend of XOOPS
Posted on: 2012/4/23 18:19
Dante7237
Dante7237 (Show more)
Friend of XOOPS
Posts: 288
Since: 2008/5/28
#10

Re: xoops_lib & xoops_data

If a 5 dollar hosting account is a prohibitive factor, then they have far bigger troubles..

There are many other hosting solutions that offer the needed tools cheap.
The more I know, the more I know that I really didn't wanna know.