I have found loads of posts on how to move, but why?
Surely all user details, emails/passwords etc are in the SQL database? right?
Very curious about this.
Thanks all
Surely all user details, emails/passwords etc are in the SQL database? right?
Very curious about this.
Thanks all
Last edited by HenrysCat on Sat Jul 24, 2021 2:33 am, edited 1 time in total.
OC Version 3.0.3.7 - Debian 10 - ISPConfig
TWIG engine, cache files, vendors files.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
There's absolutely no need to do this, it adds nothing to anything, just annoys you as well as folder restrictions in Extension Installer. Simply remove the nag screen and keep using the default storage path.
Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com
Take note that the analogy to state that the need to move the storage folder is not necessary might be based on server-related manners.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Thank you
OC Version 3.0.3.7 - Debian 10 - ISPConfig
But this from the default .htaccess prevents that:ADD Creative wrote: ↑Sat Jul 24, 2021 2:34 amIf you are not moving it you need to a least deny access to it. The log files can be useful to an attacker. You also can't account for a badly written extension assuming it's not accessible.
Code: Select all
# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
Guru Member
That will prevent access to log files, etc. But there is nothing wrong in being cautious and adding a deny all to the whole storage folder.paulfeakins wrote: ↑Mon Jul 26, 2021 5:55 pmBut this from the default .htaccess prevents that:ADD Creative wrote: ↑Sat Jul 24, 2021 2:34 amIf you are not moving it you need to a least deny access to it. The log files can be useful to an attacker. You also can't account for a badly written extension assuming it's not accessible.Code: Select all
# Prevent Direct Access to files <FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log|(?<!robots)\.txt))"> Require all denied ## For apache 2.2 and older, replace "Require all denied" with these two lines : # Order deny,allow # Deny from all </FilesMatch>
Who is online
Users browsing this forum: niagato, Semrush [Bot] and 649 guests