Magento Apache configuration (app/etc/local.xml accessible warning)
Magento uses .htaccess files in various directories to deny access to the directory trees. You will find them in app, media, var, and wherever else Magento sees fit to stick them. They do various things, such as denying viewing (app, var) and denying execution (media .htaccess). For these .htaccess files to work, it is really important that the following be set in either the doc root .htaccess or in the virtual server configuration.
Options FollowSymLinks
AllowOverride All
More than likely, Magento detects that the app directory .htaccess file isn't being allowed to deny network access to your app/etc/local.xml file, so all your database credentials and encryption key are visible to anyone with a web browser.
Another issue might be that your file/directory permissions are too lax.
For Magento running under FastCGI, SuPHP or LSAPI
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod 550 pear #for Magento pre 1.5
chmod 550 mage #for Magento 1.5 and up
chmod 550 cron.sh
For Magento running under DSO (mod_php)
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod o+w var var/.htaccess app/etc
chmod 550 pear #for Magento pre 1.5
chmod 550 mage #for Magento 1.5 and up
chmod 550 cron.sh
chmod -R o+w media
For the question below, the app/etc folder is supposed to have the following .htaccess file in place. Trying to read anything through the server should throw a 403 error. Your next step is to get in touch with your web hoster to find out why that file is not being honored.
Order deny,allow
Deny from all
Note: If you are using alternative HTTP servers like nginx, you must track down all of the .htaccess files created in Magento's directory tree and recreate all the .htaccess functions used by Magento in your nginx setups so you have the same file/directory protections as a standard Apache DSO install. The same goes for Windows installations on IIS.
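As an added example, not part of the original answer or of Magento itself: the script below walks a Magento tree, finds every .htaccess that applies a directory-wide "Deny from all", and prints a matching nginx location block for each. The function names and the sample tree are constructed for illustration; directives nested inside <Files>-style containers and the other .htaccess functions are not translated and still have to be ported by hand.

```shell
#!/bin/sh
# Added example: map Magento's "Deny from all" .htaccess files to nginx rules.

# deny_dirs ROOT: print each directory (relative to ROOT) whose .htaccess has
# an uncommented, top-level "Deny from all" (not nested in <Files> etc.).
deny_dirs() {
    root=$1
    find "$root" -type f -name .htaccess | LC_ALL=C sort | while IFS= read -r f; do
        if awk '
            /^[ \t]*#/   { next }              # skip comments
            /^[ \t]*<\// { depth--; next }     # closing container tag
            /^[ \t]*</   { depth++; next }     # opening container tag
            depth == 0 && tolower($0) ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { found = 1 }
            END { exit found ? 0 : 1 }
        ' "$f"; then
            d=$(dirname "$f")
            rel=${d#"$root"}
            printf '%s\n' "${rel#/}"
        fi
    done
}

# nginx_rules ROOT: print one prefix location per protected directory.
# "^~" stops a later regex location (e.g. a PHP handler) from taking over.
nginx_rules() {
    deny_dirs "$1" | while IFS= read -r rel; do
        [ -n "$rel" ] || continue   # a deny at ROOT itself needs manual review
        printf 'location ^~ /%s/ { deny all; }\n' "$rel"
    done
}

# make_sample: build a constructed tree (not a real Magento install).
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/app/etc" "$t/var" "$t/media" "$t/lib"
    printf 'Order deny,allow\nDeny from all\n' > "$t/app/.htaccess"
    printf 'Order deny,allow\nDeny from all\n' > "$t/app/etc/.htaccess"
    printf 'Order deny,allow\nDeny from all\n' > "$t/var/.htaccess"
    printf '# Deny from all\nOptions -ExecCGI\n' > "$t/media/.htaccess"
    printf '<Files "x.txt">\nDeny from all\n</Files>\n' > "$t/lib/.htaccess"
    printf '%s\n' "$t"
}

# Demo on the constructed tree.
sample=$(make_sample)
nginx_rules "$sample"
rm -rf "$sample"
```

After porting the rules, a request for app/etc/local.xml through nginx should return 403, the same result the answer expects from Apache.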
What are the security issues if the local.xml in Magento is publicly accessible?
The world would have your DB connection information; also, the crypt key is right there, so they can break all your customers' secure information.
Magento blocks access to etc from app via .htaccess in that directory.
Order deny,allow
Deny from all
Magento admin login failed on cloud server
This may help - this isn't my answer but I know it's worked for people with the same issue.
I'd put your password back as it was - hope you kept a backup!
If you are having trouble logging in with the correct username and password, here are some ideas. If you have used Google Chrome to install Magento, use Firefox to open Magento and edit the app/code/core/Mage/Core/Model/Session/Abstract/Varien.php file within your Magento directory and comment out the lines below
$cookieParams = array(
    'lifetime' => $cookie->getLifetime(),
    'path' => $cookie->getPath()
    // 'domain' => $cookie->getConfigDomain(),
    // 'secure' => $cookie->isSecure(),
    // 'httponly' => $cookie->getHttponly()
);
And use your credentials to log in. I hope this works for you!!!