1
macmend
protector without htaccess
  • 2007/4/23 20:46

  • macmend

  • Quite a regular

  • Posts: 285

  • Since: 2004/2/27


How is it possible to use protector with phpsuexec (no php flags in htaccess)

what should be in the php.ini file and where does it need to be placed
Free Mac Support

Ordinary Wisdom

apache server with php sshexec turned on
xoops version 2.0.18.1 & 2.3.1
php version 5.2.5
mysql version 5.0.45

2
macmend
Re: protector without htaccess
  • 2007/4/26 10:51

  • macmend

  • Quite a regular

  • Posts: 285

  • Since: 2004/2/27


does anyone know anything about this...???
Free Mac Support

Ordinary Wisdom

apache server with php sshexec turned on
xoops version 2.0.18.1 & 2.3.1
php version 5.2.5
mysql version 5.0.45

3
InnoSense
Re: protector without htaccess
  • 2007/4/26 12:33

  • InnoSense

  • Just popping in

  • Posts: 25

  • Since: 2006/10/2


>>what should be in the php.ini file

You talk about register_globals etc?

>>and where does it need to be placed

It depends on your hoster, try this:http://www.peterhost.ru/instr3_5.shtml

#!/home/http/cgi-php/php4 -c/home/user/php.ini

4
Ronaldus
Re: protector without htaccess
  • 2007/4/26 21:49

  • Ronaldus

  • Friend of XOOPS

  • Posts: 389

  • Since: 2004/5/8 1


@macmend: may I ask why you want "no php flags in htaccess"?

5
macmend
Re: protector without htaccess (how secure is XOOPS???)
  • 2007/4/27 8:01

  • macmend

  • Quite a regular

  • Posts: 285

  • Since: 2004/2/27


phpsuexec will not allow php flags in htaccess, and this is turned on on my hosting server

this means when I try to use protector and look at its advise, everything shows up in red.

Now it should be possible make the relevant instructions in a php.ini file and add it to all relevant directories,

ahh theres the rub (as shakespeare said) for where should this php.ini file go

You see the last macmend.com site went down the pan because of hackers never mind the data it took years to get the site looking right, modules etc, icons and so on. ....

But let this be a lesson to you all, a backup is no good unless you have also checked it and tried putting it back in place and found the data is all there and good.

In my case the backup was not really there. Even worse if I had backed it up to another part of the server as advised in the backup module I would have had nothing, not even my icons...as they got to the whole server and wiped the lot.

so back to the question which is really what good is protector if you have to use php.ini and how safe is XOOPS in security terms??
Free Mac Support

Ordinary Wisdom

apache server with php sshexec turned on
xoops version 2.0.18.1 & 2.3.1
php version 5.2.5
mysql version 5.0.45

6
Ronaldus
Re: protector without htaccess (how secure is XOOPS???)
  • 2007/4/27 9:52

  • Ronaldus

  • Friend of XOOPS

  • Posts: 389

  • Since: 2004/5/8 1


Thanks for your answer Macmend!

It's obvious you know a lot more about security than I do.
Is, to your opinion, a XOOPS site with Protector module and all "lights green", safe (or as safe as can be) from hackers?

I recently installed Protector on my 2 sites and "re-organised" the folder structure in order to get "all green".

I'm living in the assumption that I'm reasonably safe now, although I do backup local every 2 weeks (and check if it works...).

Cheers,

7
Dave_L
Re: protector without htaccess (how secure is XOOPS???)
  • 2007/4/27 11:16

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


I think you need to have a copy of the php.ini file in every directory that contains a PHP script that can be run by HTTP request, and those individual php.ini files only need contain the settings that are specific to that directory.

I might be wrong about this; I don't have a server with that configuration to test.

But you should be able to test it fairly easily with some experimentation. Run a phpinfo.php file, with the following contents, from various directories to examine the settings for each directory:
<?php phpinfo() ?>


Don't leave the phpinfo.php files around permanently, as they provide hackers with useful info.

Here's a reference on php.ini directives:http://us.php.net/manual/en/ini.php

8
Ronaldus
Re: protector without htaccess (how secure is XOOPS???)
  • 2007/4/27 11:23

  • Ronaldus

  • Friend of XOOPS

  • Posts: 389

  • Since: 2004/5/8 1


Ah, thx, some homework to do...

9
peterr
Re: protector without htaccess (how secure is XOOPS???)
  • 2008/4/24 0:53

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

I think you need to have a copy of the php.ini file in every directory that contains a PHP script that can be run by HTTP request, and those individual php.ini files only need contain the settings that are specific to that directory.

I might be wrong about this; I don't have a server with that configuration to test.


Dave, I have had to check this out in the past, and ..

1. Yes, you do need to have a copy of the php.ini file in every directory that contains a PHP script that can be run by HTTP request. That php.ini file needs to be a full and complete copy of the php.ini that is used for php config. now, plus the modifications needed.

2. I found that just having a php.ini file containing only the settings that are specific for a particular directory, did not work, as it only overrides those few settings, and leaves all other php settings as the default values.
NO to the Microsoft Office format as an ISO standard.
Sign the petition

Login

Who's Online

204 user(s) are online (108 user(s) are browsing Support Forums)


Members: 0


Guests: 204


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits