Script Pulse

Trade Pulse => Trade Pulse Support => Topic started by: slizard1 on June 16, 2009, 12:32:11 PM

Title: Unprotected install.php in tp/graph, why?
Post by: slizard1 on June 16, 2009, 12:32:11 PM

Hi,

there's a file called install.php in tp/graph on each of my sites & the thing is, it seems to be accessible from any browser to anyone without login.
http://www.domain.com/tp/graph/install.php.

I don't understand why an installer is needed in the graph folder & why it's so easy to access it.

Have any clue what is for this installer & why it's unprotected as it is? :-/

I have renamed them until I get an answer.

Thanks.

Title: Re: Unprotected install.php in tp/graph, why?
Post by: slizard1 on June 16, 2009, 12:40:14 PM

I'd love to have more protections added to TP.  I don't like too much the fact to see all PHP files 777 specially with allow_url_fopen ON.

90% of all the PHP files are used by me only & I'd love to have at least some htaccess files in every dir that would restrict access to it to my IP only.

I don't know which files I'd need to not restrict to not break the script.

Would it be possible to give us the files that would need to not be restricted by htaccess in order for the script to work properly.

I'm sure there's other peeps that would love to get this info.

Also, if I change CHMOD on all PHP files to 444, would this create issues?