Persistent security warnings
Unsolved
Dolibarr
-
All the users of the app see this persistent, security warning:
Warning, your config file (htdocs/conf/conf.php) can be overwritten by the web server. This is a serious security hole. Modify permissions on file to be in read only mode for operating system user used by Web server. If you use Windows and FAT format for your disk, you must know that this file system does not allow to add permissions on file, so can't be completely safe. This security warning will remain active as long as the vulnerability is present.
This seems unnecessary and a bit of a nuisance to not be able to remove it.
What to do about this?
-
Also, this other warning:
Warning, once setup is finished, you must disable the installation/migration tools by adding a file install.lock into directory /app/data/dolibarr. Omitting the creation of this file is a grave security risk. This security warning will remain active as long as the vulnerability is present.
I had removed this, by following the displayed instructions, but it seems, the
install.lock
got deleted automatically by Cloudron after some time/a restart.