Using ProductCart - Read/Write Folder Permissions

Print Page | Close Window

Read/Write Folder Permissions

Printed From: ProductCart E-Commerce Solutions
Category: ProductCart
Forum Name: Using ProductCart
Forum Description: Running your store with ProductCart
URL: https://forum.productcart.com/forum_posts.asp?TID=5038
Printed Date: 09-March-2025 at 12:20am
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com

Topic: Read/Write Folder Permissions

Posted By: robguay
Subject: Read/Write Folder Permissions
Date Posted: 08-March-2012 at 11:35am

Quote from--> wiki.earlyimpact.com

"Set the following folder permissions for the “Internet User” (IUSR) or the “Everyone”:

READ/WRITE on the productcart folder and all of its files and folders.
READ/WRITE/DELETE on the productcart/includes folder and all of its files and folders
READ/WRITE/DELETE on the productcart/pcadmin folder and all of its files and folders"

This seems extreme does anyone have a better security structure on your web site?

-------------
Robert J Guay Jr

Replies:

Posted By: Hamish
Date Posted: 08-March-2012 at 6:46pm

Hi,
ProductCart is PCI compliant with the folder permissions set exactly like that so I don't believe you have any reason for concern. We have never heard of any store compromised because of the folder permissions and you can be certain we would have changed the advised settings if we had.

From our home page...
"Robust, flexible, reliable, and secure.
Among other things, ProductCart is one of the few shopping carts to have been officially ../productcart/pci-compliant-shopping-cart-software.asp" rel="nofollow - PA-DSS validated ."

-------------
Editing ProductCart Code?

See http://wiki.earlyimpact.com/developers/editcode" rel="nofollow - WIKI Guidelines for Editing ProductCart's ASP Source Code

Posted By: robguay
Date Posted: 09-March-2012 at 10:11am

Which folders are absolutley required to have write permissions?

-------------
Robert J Guay Jr

Posted By: Guests
Date Posted: 10-March-2012 at 1:07am

I'm agreed with Hamish, but if you want to nit pick it, you'd have to go down to the file level.

If you really want to manage a "non-issue" at this level, you're probably going to be on your own to pick through them as it's rather a waste of our time to consider this, IMHO.

Posted By: Dayv3
Date Posted: 10-March-2012 at 12:24pm

"Set the following folder permissions for the “Internet User” (IUSR) or the “Everyone”:

READ/WRITE on the productcart folder and all of its files and folders.

Just in case anyone has trouble or confusion with this directory, remember that in the productcart directory may have been renamed to something like store. I spent some time, with frustration, on this issue. I had Early Impact install my software and never knew that they renamed the directory to store. I could not find the productcart directory to set the permissions. I thought it was the pc directory under store, which is incorrect... so went on the frustrations as to why I could not get the permissions set correctly.

Eventually, I opened a ticket and after a few back and forths with tech support (with frustration on both sides) we finally got it figured out. I hope this helps anyone who may have tripped on the same issue.

Dave

Posted By: Guests
Date Posted: 13-March-2012 at 12:05am

Dayv3 wrote:

"Set the following folder permissions for the “Internet User” (IUSR) or the “Everyone”:

READ/WRITE on the productcart folder and all of its files and folders.

This wouldn't/shouldn't work as the /includes/ and /"pcadmin"/ directories need "modify"/"delete" permissions. "Read/Write" permissions on the entire application is not sufficient, and maybe not the best idea.

What's more, my earlier post assumed @robguay thought the permissions were too loose and wanted to ratchet them down. I think this is what Hamish thought as well. However, I didn't flush out that take on it well enough "at the file level" as the issue there would mean rather significantly altering PC to find the files it needs to write and modify in directories one would have to custom create and then go modify the application for (and maintain with upgrades, etc.). Just doesn't seem remotely worth it when there is no real security issue here.

Posted By: Greg Dinger
Date Posted: 13-March-2012 at 12:11am

Agreed. When one configures this or that, various settings files get written. Generate a store map or category navigation and more files are written. Ship orders and shipping label-related files are produced. It goes on and on.

It would be extremely laborious to try to work through the entire list of files that the system might eventually want to tough, and to try to granularly set the permissions on every possible file that needs to be touched.

-------------
GreyBeard Design Group

Certified ProductCart Developer

Web Design/Development/Hosting

http://tinyurl.com/5c8t4t" rel="nofollow - Add-Ons & Custom Code |

Posted By: Guests
Date Posted: 13-March-2012 at 12:32am

robguay wrote:

Which folders are absolutley required to have write permissions?

Ok, @robguay, the "big wigs" here have weighed in (Hamish, Greg/GBDG, Sean/WMS): do you still have a concern here? We think you shouldn't.

Personally, I think you should not waste any development juice getting hung up here and just go build yourself an awesome store.

ON a side note, though, perhaps your real concern here should be on how to clean up on a lot of those files that get written temporarily. Greg's been an "advanced guard" on that issue, and WMS has worked on this issue as well. Not a big deal, but more of a concern than the required permissions issues.