After a Zen-Cart or osCommerce installation you may receive the following warning:
“Warning: I am able to write to the configuration file: /home/user/public_html/includes/configure.php.”
The configuration file holds information about the installation including the database password access information. If the file is writable, it may be possible to make changes to it that would break the shopping cart. So, it is important to keep this file and its admin/includes location secure and unwriteable from any changes. In order to fix this osCommerce security issue you can follow these steps:
- Log in your cPanel and go to the File manager.
- First navigate to your store’s directory and then go to the includes directory where you will find the configure.php file.
- Click on the file in question and from the top right menu change its permissions to 444
You will also have to change the permissions of
/admin/includes/configure.php in your store’s admin/includes directory. There will be no warning for this file in a stock osCommerce installation. It is best to be safe by checking it every time you see this message. If you don’t have cPanel hosting for osCommerce, you can change the permissions using any FTP client (list of setup guides to various ftp clients) or submit an issue to your hosting provider. We’ll cover many more procedural steps for osCommerce security in 2014.