http://forum.salescart.com/forum/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Sat, 11 Apr 2026 02:13:38 +0000 Tue, 06 Sep 2005 09:58:44 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 11.04 360 forum.salescart.com/forum/RSS_post_feed.asp?TID=410 http://forum.salescart.com/forum/forum_images/web_wiz_forums.png http://forum.salescart.com/forum/ http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1510&title=security-settings-required#1510 Author: Techno Geek
Subject: 410
Posted: September/06/05 at 9:58am

ummm... you're reiterating what I've said in my replies. But yeah, IUSR (the only web account) needs those permissions.]]> Tue, 06 Sep 2005 09:58:44 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1510&title=security-settings-required#1510 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1505&title=security-settings-required#1505 Author: Big Bear
Subject: 410
Posted: September/04/05 at 11:10pm

Ok so does this mean that I should have..

FPDB: READ/WRITE
ONLINE: READ/WRITE
IUSR: READ/WRITE permissions on the database with permissions setup to propagate to the child objects

Or is this incorrect?
]]> Sun, 04 Sep 2005 23:10:42 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1505&title=security-settings-required#1505 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1495&title=security-settings-required#1495 Author: Techno Geek
Subject: 410
Posted: September/01/05 at 10:13am

When you setup permissions on a directory, the child object will inherit the permissions as well. In some rare cases you will have to force the permissions to propagate.]]> Thu, 01 Sep 2005 10:13:33 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1495&title=security-settings-required#1495 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1489&title=security-settings-required#1489 Author: Big Bear
Subject: 410
Posted: August/31/05 at 4:11pm

What about this statement that I located in the Knowledge base???

"The IUSR only needs READ/WRITE permissions on the database directory. The permissions should be setup to propagate to the child objects."

Should this also be set up this way?]]> Wed, 31 Aug 2005 16:11:29 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1489&title=security-settings-required#1489 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1484&title=security-settings-required#1484 Author: Techno Geek
Subject: 410
Posted: August/31/05 at 8:39am

FPDB: READ/WRITE
ONLINE: READ/WRITE

That is it. Anything beyond the privileges above is not necessary.]]> Wed, 31 Aug 2005 08:39:43 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1484&title=security-settings-required#1484 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1480&title=security-settings-required#1480 Author: Big Bear
Subject: 410
Posted: August/30/05 at 11:54am

Again, I apologize for my misscommunication.
This is a really simple request, please don't look into it further than necesasary.

All I wish to know is what REAR WRITE priveleges need to be set up for the SALES CART FOLDERS.

I got into this mess because some of the priveleges aparently gave the HACKER access to my web site so he could run a SCRIPT & change my index.htm page.

In the mean time my host provider killed the READ WRITE priveledges which were set up on my site because they thought that they were too leanent & posed a SECURITY RISK.

All I need to know is the RECOMENDED SALES CART READ WRITE Priveledges which will result in persons to be able to order items from my store.

I only mentioned the version as SQL 5.0 because I thought that it might make a difference as to what READ WRITE priveledges are required.

Big Bear ]]> Tue, 30 Aug 2005 11:54:44 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1480&title=security-settings-required#1480 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1479&title=security-settings-required#1479 Author: Techno Geek
Subject: 410
Posted: August/30/05 at 10:37am

Big Bear: You're using SQL? If so, then the IUSR write privilages wouldn't necessarily apply to your site. The SQL database is hopefully hosted on a remote server and it should be behind a firewall at the very least. This is what your host would do for you.

How did you setup your connection strings? Are you using DSN to connect to the SQL server?]]> Tue, 30 Aug 2005 10:37:25 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1479&title=security-settings-required#1479 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1478&title=security-settings-required#1478 Author: qrsystems
Subject: 410
Posted: August/30/05 at 8:13am

I'm getting similar message on my email on daily bases. The hacker is doing different stuff with my site.

sample of one of the emails is as shown below
Is there any one who can help us on this.

"This is an automated response sent from SalesCart

Security Error: Unable to open referring page.

Order Number: 90
Item Number: edrlcnfjzh@mydomain.com
Posted Price: edrlcnfjzh@mydomain.com
Actual Price: 0

Posting URL: http://www.mydomain.com/
Browser:
Server: www.mydomanin.com "

Thanks
Dave ]]> Tue, 30 Aug 2005 08:13:07 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1478&title=security-settings-required#1478 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1477&title=security-settings-required#1477 Author: Big Bear
Subject: 410
Posted: August/29/05 at 11:41pm

Some of the security settings that I understand need to be set up are..

The IUSR only needs READ/WRITE permissions on the database directory. The
permissions should be setup to propagate to the child objects.

and

Both the /fpdb and /online should have READ/WRITE permissions. The user
that should have this permission is the IUSR.

Am I missing any other settings?

Big Bear
]]> Mon, 29 Aug 2005 23:41:48 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1477&title=security-settings-required#1477 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1476&title=security-settings-required#1476 Author: Big Bear
Subject: 410
Posted: August/29/05 at 8:06pm

Perhaps I wasn't clear enough, that is my fault due to ignorance of the server permission requirements..
What I meant to ask is what are the server side permissions supposed to be set up as.
I know some stuff is supposed to be set up as Read Only & yet others get Write Privileges.
I hope this is clear enough as I am not very familiar with what is required for Sales Cart SQL to be set up properly on the server side.

It seems I had a Global Write privilege set up.. I do not know why but I seem to remember it was required or Sales Cart SQL would not work properly. Anyway... this is how the Hacker got in.

What I need to know now is what server side permission settings are required for Sales Cart SQL to function correctly & yet give me a secure web site.

thanks,
Big Bear
]]> Mon, 29 Aug 2005 20:06:08 +0000 http://forum.salescart.com/forum/forum_posts.asp?TID=410&PID=1476&title=security-settings-required#1476