1
layton56
xoops_lib & xoops_data
  • 2012/4/23 3:35

  • layton56

  • Just popping in

  • Posts: 2

  • Since: 2012/4/3 1


Hi there. My first installation.
I have got all the way through install, at one point I was advised to rename xoops_lib & xoops_data and remove them from the root. So I created a new folder, moved the two dirs into it and renamed them. This stopped the installation in its tracks so I had to put them back. Now I am in the admin panel, the warnings are there to move the dirs? I have no Idea where to? Having redone my original shuffle, I get an error page. So they now sit in their original positions as per the upload.
Help would be great.
Cheers
Layton

2
ccm1121
Re: xoops_lib & xoops_data
  • 2012/4/23 4:36

  • ccm1121

  • Just popping in

  • Posts: 4

  • Since: 2009/12/15


Hi,

Just remove the two folders out of the root & update the new path in the mainfile.php.


3
Mamba
Re: xoops_lib & xoops_data
  • 2012/4/23 4:40

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


Please read the Installation Guide
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

4
deka87
Re: xoops_lib & xoops_data
  • 2012/4/23 4:49

  • deka87

  • Friend of XOOPS

  • Posts: 1125

  • Since: 2007/10/5


If your xoops_data and xoops_lib now locate at say /home/www/xoops_data and /home/www/xoops_lib you've got to move them to e.g. /home/xoops_data and /home/xoops_lib or /xoops_data and /xoops_lib and correct the paths in the mainfile.php (change the attributes to 777 when you do so, and change it back to 444 when it's finished, otherwise you will get another warnign message).
Mind anchors

5
DCrussader
Re: xoops_lib & xoops_data

Quote:

Just remove the two folders out of the root & update the new path in the mainfile.php.


This is NOT required, XOOPS is the most secure CMS core this days. XOOPS_LIB/_DATA ca can remain in the root folder (and I can make u one XOOPS in that way, so everyone willing to hack it, to hack it), even u don't need to install Xorify and/or Protector. None of this 3 steps are required for playing with it. Those changes was made bcz of some paranoid site administrators with the buggiest ever 2.3.x core.

If u check current releases of all modules, you will see that no one of those modules from the forums Blue-Move or testing area (by Wishcraft and others uses this "most secure" way by placing important parts of the modules in /xoops_lib like protector.

Edit: Noticed that you're post in 2.3.x area.... this is the worst way of trying XOOPS, always use latest, and this areas 2.3.x/2.4.x/2.0.x should be locked and moved to archive. 2.0/2.2 Mithrandir/2.3/2.4 don't exists anymore, there are no modules for them, no one writes patches for them, no one maintain them with bug-fix releases, security holes patches....
May The Source Be With You!

6
Peekay
Re: xoops_lib & xoops_data
  • 2012/4/23 12:45

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Quote:

DCrussader wrote:

This is NOT required, XOOPS is the most secure CMS core this days. XOOPS_LIB/_DATA ca can remain in the root folder....


+1

I have whinged about the wording of these 'warnings' before. They make Xoops look insecure and will have caused many new users to abandon Xoops before they even try it. There are many shared hosting providers who simply do not allow folders outside the site root.
A thread is for life. Not just for Christmas.

7
Anonymous
Re: xoops_lib & xoops_data
  • 2012/4/23 13:52

  • Anonymous

  • Posts: 0

  • Since:


Quote:
DCrussader wrote:

This is NOT required, XOOPS is the most secure CMS core this days. XOOPS_LIB/_DATA ca can remain in the root folder....


A cms is save until a new flaw is detected... So why compromise security by not taking all safety measures you can use?

Quote:
Peekay wrote: I have whinged about the wording of these 'warnings' before. They make Xoops look insecure and will have caused many new users to abandon Xoops before they even try it.


But what if not warning users would lead to many compromised xoops sites? I guess this would be more harmfull for xoops then a few users not using it by lack of knowledge.

I agree with you both this warnings could use some extra explanation in the install script or on the main admin page. And be clear about what are the risks when ignoring them.

8
Dante7237
Re: xoops_lib & xoops_data
  • 2012/4/23 14:11

  • Dante7237

  • Friend of XOOPS

  • Posts: 294

  • Since: 2008/5/28


Move the folders out of root. Like Flipse said there's no reason not to.
More troubling than the presentation of info re: the "Trust Path" is the lack of insistence that people adjust the php.ini files correctly.

Doesn't matter where you locate the trust path if folks are able to traverse directories due to a php.ini oversight.

There's also a great example of an .htaccess file here somewhere that should come stock with the cms package.

Its always that 1 thing you overlook, or deem not required that will be the thing that gets exploited..

And yes, XOOPS is the most secure cms I've found. That doesn't mean anyone should get lazy about doing all the right things..
The more I know, the more I know that I really didn't wanna know.

9
Peekay
Re: xoops_lib & xoops_data
  • 2012/4/23 14:34

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Quote:

Dante7237 wrote:
Move the folders out of root. Like Flipse said there's no reason not to.


There is a reason. Many of the low-price, shared-hosting services used by charities and community groups don't allow it.

GoDaddy for example.

These organisations can't always afford to 'get a better hosting package'.
A thread is for life. Not just for Christmas.

10
Dante7237
Re: xoops_lib & xoops_data
  • 2012/4/23 18:19

  • Dante7237

  • Friend of XOOPS

  • Posts: 294

  • Since: 2008/5/28


If a 5 dollar hosting account is a prohibitive factor, then they have far bigger troubles..

There are many other hosting solutions that offer the needed tools cheap.
The more I know, the more I know that I really didn't wanna know.

Login

Who's Online

170 user(s) are online (105 user(s) are browsing Support Forums)


Members: 0


Guests: 170


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits