What permissions should I set my files to on a LIVE site?
The main point is to set correct file permissions.
First make sure that you changed back permissions that you set during the installation:
chmod 777 .
chmod 666 config.php
Also make sure that your php scripts have 0644 permissions and directories have 0755 except for some special directories like: admin/newsletter and templates_c.
Make sure that SQL connections are allowed only from the local machine.
Protect script install.php with new Auth code or delete it completely.
For extra security you may want to disable trans_sid PHP feature.
Try to access your admin interface only via the HTTPS protocol (start your URL with https://).
Do not keep any unnecessary files in your web directory (for example, the X-cart distribution archive).
Forbid directory listing in your web server, so no one can browse through your script directories.
That's all I can remember at the moment.
This information came direct from the Xcart team.
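The file-system items in the checklist above can be checked with a short script. This is an added example, not part of the original post and not X-Cart code; the function name audit_webroot, the output labels and the archive extensions are assumptions, and the two skipped directories are the special ones the post names.

```shell
#!/bin/sh
# Added example: audit a web root against the permission checklist above.
# Prints one finding per line as "<LABEL> <path>"; labels are made up here.

audit_webroot() {
    root=$1

    # Directories should be 0755, except the special directories the post
    # names (templates_c and admin/newsletter), which are skipped by path.
    find "$root" \( -path "$root/templates_c" -o -path "$root/admin/newsletter" \) -prune \
        -o -type d ! -perm 755 -print | sed 's/^/DIR_MODE /'

    # PHP scripts should be 0644. This also catches a config.php that was
    # left at 0666 after installation.
    find "$root" \( -path "$root/templates_c" -o -path "$root/admin/newsletter" \) -prune \
        -o -type f -name '*.php' ! -perm 644 -print | sed 's/^/PHP_MODE /'

    # install.php should be protected or deleted; report it if it is still there.
    if [ -f "$root/install.php" ]; then
        echo "INSTALLER $root/install.php"
    fi

    # Unnecessary files such as a distribution archive should not sit in the
    # web directory. The extension list is an assumption; extend as needed.
    find "$root" -type f \( -name '*.tgz' -o -name '*.tar.gz' -o -name '*.zip' \) -print \
        | sed 's/^/ARCHIVE /'

    return 0
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

An empty result means none of these checks fired; the SQL, trans_sid, HTTPS and directory-listing items are server settings and are not covered by the script.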