HighFlyerPL185 Posted January 30, 2013 Report Posted January 30, 2013 I have uploaded my site online for a test, however a security question arises. How do you set the permissions correctly on templates and PHP files, so they can't be saved by someone but at the same time work on the server without throwing errors? Quote
flyalaska Posted January 30, 2013 Report Posted January 30, 2013 put a index in your lib/skins folder or block it from your host cpanel. Quote
HighFlyerPL185 Posted January 30, 2013 Author Report Posted January 30, 2013 The index file doesn't solve the case for me sadly How can I do this through cPanel? Quote
flyalaska Posted January 30, 2013 Report Posted January 30, 2013 do you have cpanel? What happens when you do the index? Quote
HighFlyerPL185 Posted January 30, 2013 Author Report Posted January 30, 2013 I do have cPanel, yes. In regards to index, nothing changes, I can still download templates and PHP files through the browser. Quote
flyalaska Posted January 31, 2013 Report Posted January 31, 2013 are you putting the index in your skin named folder? Not in lib/skins. Put it in lib/skins/XXX Quote
HighFlyerPL185 Posted January 31, 2013 Author Report Posted January 31, 2013 Oh, right, that was the mistake. However, it still gives me the same result when I place it in lib/skins/XXX though Quote
Sava Posted January 31, 2013 Report Posted January 31, 2013 You can block viewing of indexes and direct access to files. Add this to the .htaccess file. Options All -Indexes <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|tpl)$"> Order Allow,Deny Deny from all </FilesMatch> Btw, if the server lets you actually DOWNLOAD .php files than apache or whatever you are running isn't set correctly and that is a big issue. Quote
HighFlyerPL185 Posted January 31, 2013 Author Report Posted January 31, 2013 It is a big issue indeed, that's why I'd like to get rid of it. I tried CHMOD on the templates and PHP files, but either the website would break, with "Permission denied" or it would just be downloadable. It also solved the issue, thank you Now I get a 403 forbidden page. Quote
Sava Posted January 31, 2013 Report Posted January 31, 2013 Yep, it returns a 403 for viewing the directories without an index. You can customize the error returned and create a custom error pages. Glad I could help. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.