Post by HenrysCat » Fri Jul 23, 2021 10:39 pm

I have found loads of posts on how to move, but why?
Surely all user details, emails/passwords etc are in the SQL database? right?
Very curious about this.
Thanks all
Last edited by HenrysCat on Sat Jul 24, 2021 2:33 am, edited 1 time in total.

OC Version 3.0.3.7 - Debian 10 - ISPConfig


Newbie

Posts

Joined
Fri Jul 23, 2021 2:01 pm

Post by straightlight » Fri Jul 23, 2021 11:20 pm

TWIG engine, cache files, vendors files.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by thekrotek » Sat Jul 24, 2021 12:33 am

There's absolutely no need to do this, it adds nothing to anything, just annoys you as well as folder restrictions in Extension Installer. Simply remove the nag screen and keep using the default storage path.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by straightlight » Sat Jul 24, 2021 12:44 am

Take note that the analogy to state that the need to move the storage folder is not necessary might be based on server-related manners.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by HenrysCat » Sat Jul 24, 2021 1:43 am

thekrotek wrote:
Sat Jul 24, 2021 12:33 am
There's absolutely no need to do this, it adds nothing to anything, just annoys you as well as folder restrictions in Extension Installer. Simply remove the nag screen and keep using the default storage path.
Thank you

OC Version 3.0.3.7 - Debian 10 - ISPConfig


Newbie

Posts

Joined
Fri Jul 23, 2021 2:01 pm

Post by ADD Creative » Sat Jul 24, 2021 2:34 am

HenrysCat wrote:
Sat Jul 24, 2021 1:43 am
thekrotek wrote:
Sat Jul 24, 2021 12:33 am
There's absolutely no need to do this, it adds nothing to anything, just annoys you as well as folder restrictions in Extension Installer. Simply remove the nag screen and keep using the default storage path.
Thank you
If you are not moving it you need to a least deny access to it. The log files can be useful to an attacker. You also can't account for a badly written extension assuming it's not accessible.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by paulfeakins » Mon Jul 26, 2021 5:55 pm

ADD Creative wrote:
Sat Jul 24, 2021 2:34 am
If you are not moving it you need to a least deny access to it. The log files can be useful to an attacker. You also can't account for a badly written extension assuming it's not accessible.
But this from the default .htaccess prevents that:

Code: Select all

# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log|(?<!robots)\.txt))">
 Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by ADD Creative » Mon Jul 26, 2021 10:47 pm

paulfeakins wrote:
Mon Jul 26, 2021 5:55 pm
ADD Creative wrote:
Sat Jul 24, 2021 2:34 am
If you are not moving it you need to a least deny access to it. The log files can be useful to an attacker. You also can't account for a badly written extension assuming it's not accessible.
But this from the default .htaccess prevents that:

Code: Select all

# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log|(?<!robots)\.txt))">
 Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>
That will prevent access to log files, etc. But there is nothing wrong in being cautious and adding a deny all to the whole storage folder.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom
Who is online

Users browsing this forum: alanjones, Bing [Bot] and 84 guests