File permissions

[HighFlyerPL185]

I have uploaded my site online for a test, however a security question arises. How do you set the permissions correctly on templates and PHP files, so they can't be saved by someone but at the same time work on the server without throwing errors?

[flyalaska]

put a index in your lib/skins folder or block it from your host cpanel.

[HighFlyerPL185]

The index file doesn't solve the case for me sadly How can I do this through cPanel?

[flyalaska]

do you have cpanel? What happens when you do the index?

[HighFlyerPL185]

I do have cPanel, yes. In regards to index, nothing changes, I can still download templates and PHP files through the browser.

[flyalaska]

are you putting the index in your skin named folder? Not in lib/skins. Put it in lib/skins/XXX

[HighFlyerPL185]

Oh, right, that was the mistake. However, it still gives me the same result when I place it in lib/skins/XXX though

[Sava]

You can block viewing of indexes and direct access to files.

Add this to the .htaccess file.

Options All -Indexes

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|tpl)$">

Order Allow,Deny

Deny from all

</FilesMatch>

Btw, if the server lets you actually DOWNLOAD .php files than apache or whatever you are running isn't set correctly and that is a big issue.

[HighFlyerPL185]

It is a big issue indeed, that's why I'd like to get rid of it. I tried CHMOD on the templates and PHP files, but either the website would break, with "Permission denied" or it would just be downloadable.

It also solved the issue, thank you Now I get a 403 forbidden page.

[Sava]

Yep, it returns a 403 for viewing the directories without an index. You can customize the error returned and create a custom error pages.

Glad I could help.