-
AuthorPosts
-
woluweb Friend
woluweb
- Join date:
- October 2012
- Posts:
- 196
- Downloads:
- 18
- Uploads:
- 69
- Thanks:
- 68
- Thanked:
- 31 times in 3 posts
January 15, 2014 at 12:34 pm #193771Hi,
I was working on improving the security of something like 10 websites for which I take care of…
and in all of them I have discovered there were plenty of folders generated by JA Extensions Manager with permission rights set to 777 (most of the time, I would have a mix : some folders 755 and others 777. Sometimes like a few hundreds on 777 !).Having discovered this, I try to manually set them to 755… but I can not keep doing that every time I use JA Extensions Manager for every single site.
And I don’t have to tell you that this is a big security issue leaving folders on your website with 777 permission 🙂
So so :
– is it a question of configuration ?
– if it is a “bug”
– is there a fix coming ?
– is there a temporary hack we can apply in the meantime ?Txs in advance folks !
Marc
Ninja Lead ModeratorNinja Lead
- Join date:
- November 2014
- Posts:
- 16064
- Downloads:
- 310
- Uploads:
- 2864
- Thanks:
- 341
- Thanked:
- 3854 times in 3563 posts
January 16, 2014 at 8:34 am #518665I have informed our development team about this problem and be confirmed
that all folder permission is set to 755.For the best performance, please upgrade JA EM to the latest version ( 2.5.7).
With old folder permission 777, set permission back to 755 manually. Below are files that need being changed:
administrator/components/com_jaextmanager/lib/config_joomla.php
administrator/components/com_jaextmanager/lib/jaupdater/core/bean/Products.php
administrator/components/com_jaextmanager/lib/jaupdater/core/helper/MysqlHelper.php
administrator/components/com_jaextmanager/lib/UpdaterClient.php
woluweb Friendwoluweb
- Join date:
- October 2012
- Posts:
- 196
- Downloads:
- 18
- Uploads:
- 69
- Thanks:
- 68
- Thanked:
- 31 times in 3 posts
January 16, 2014 at 3:31 pm #518725Txs Ninja Lead,
I think there is a little misunderstanding : of course (and fortunately !), the files of the component itself (you mention administrator/components/com_jaextmanager) are have the right permission.
I was speaking here of the folders generated by the component, namely under
/www/jaextmanager_data
Can you re-ask the developers ? 🙂
Txs,
Marc
Ninja Lead ModeratorNinja Lead
- Join date:
- November 2014
- Posts:
- 16064
- Downloads:
- 310
- Uploads:
- 2864
- Thanks:
- 341
- Thanked:
- 3854 times in 3563 posts
January 17, 2014 at 3:00 am #518783Hi Marc,
Apologize for my misunderstanding. It is true that the local repository (jaextmanager_data) should be set with 755. Our development team has been notified on this to get it fixed. The update is expected to be available at the end of next week.
-
1 user says Thank You to Ninja Lead for this useful post
woluweb Friendwoluweb
- Join date:
- October 2012
- Posts:
- 196
- Downloads:
- 18
- Uploads:
- 69
- Thanks:
- 68
- Thanked:
- 31 times in 3 posts
January 17, 2014 at 9:13 am #518828yahoooo !
thanks & congrat’s 🙂
I understand the new version will at least no more create folders with 777 permissions.
But will it also check whether some created folders of the past have already been assigned 777… and correct them automatically ? (or shall everyone have to check manually & correct manually ?)Anyway, I am very happy (for me but also for the community of Joomlart users) that this is solved because 777 can potentially lead to big security problems.
AuthorPostsViewing 5 posts - 1 through 5 (of 5 total)This topic contains 5 replies, has 2 voices, and was last updated by woluweb 10 years, 11 months ago.
We moved to new unified forum. Please post all new support queries in our New Forum
security issue: permission set to 777 in many (sub)folders generated by the extension
Viewing 5 posts - 1 through 5 (of 5 total)