test
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • woluweb Friend
    #193771

    Hi,

    I was working on improving the security of something like 10 websites for which I take care of…
    and in all of them I have discovered there were plenty of folders generated by JA Extensions Manager with permission rights set to 777 (most of the time, I would have a mix : some folders 755 and others 777. Sometimes like a few hundreds on 777 !).

    Having discovered this, I try to manually set them to 755… but I can not keep doing that every time I use JA Extensions Manager for every single site.

    And I don’t have to tell you that this is a big security issue leaving folders on your website with 777 permission 🙂

    So so :

    – is it a question of configuration ?
    – if it is a “bug”
    – is there a fix coming ?
    – is there a temporary hack we can apply in the meantime ?

    Txs in advance folks !

    Marc

    Ninja Lead Moderator
    #518665

    I have informed our development team about this problem and be confirmed
    that all folder permission is set to 755.

    For the best performance, please upgrade JA EM to the latest version ( 2.5.7).

    With old folder permission 777, set permission back to 755 manually. Below are files that need being changed:


    administrator/components/com_jaextmanager/lib/config_joomla.php
    administrator/components/com_jaextmanager/lib/jaupdater/core/bean/Products.php
    administrator/components/com_jaextmanager/lib/jaupdater/core/helper/MysqlHelper.php
    administrator/components/com_jaextmanager/lib/UpdaterClient.php

    woluweb Friend
    #518725

    Txs Ninja Lead,

    I think there is a little misunderstanding : of course (and fortunately !), the files of the component itself (you mention administrator/components/com_jaextmanager) are have the right permission.

    I was speaking here of the folders generated by the component, namely under

    /www/jaextmanager_data

    Can you re-ask the developers ? 🙂

    Txs,

    Marc

    Ninja Lead Moderator
    #518783

    Hi Marc,

    Apologize for my misunderstanding. It is true that the local repository (jaextmanager_data) should be set with 755. Our development team has been notified on this to get it fixed. The update is expected to be available at the end of next week.


    1. JAEM
    woluweb Friend
    #518828

    yahoooo !

    thanks & congrat’s 🙂

    I understand the new version will at least no more create folders with 777 permissions.
    But will it also check whether some created folders of the past have already been assigned 777… and correct them automatically ? (or shall everyone have to check manually & correct manually ?)

    Anyway, I am very happy (for me but also for the community of Joomlart users) that this is solved because 777 can potentially lead to big security problems.

Viewing 5 posts - 1 through 5 (of 5 total)

This topic contains 5 replies, has 2 voices, and was last updated by  woluweb 10 years, 11 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum