Hello All,
I read again a hacking thread:
[url]http://forum.cs-cart.com/showthread.php?t=13829[/url]
In this thread, it’s advisable to turn on suEXEC. If you do not know (or you don’t remember) what suEXEC is, please read this Wikipedia page:
[url]http://en.wikipedia.org/wiki/SuEXEC[/url]
Here is the official suEXEC Apache Support webpage:
[url]http://httpd.apache.org/docs/2.0/suexec.html[/url]
I just turn it on. In 2 minutes flat. Here is the fast & easy step-by-step guide page of my web hosting company:
[url]http://www.pair.com/support/knowledge_base/authoring_development/using_suexec.html[/url]
Everything works perfectly. In addition, the pages load as quickly as without suEXEC.
It seems to have no slowdown. A before / after with WebPage Test does not show any slowdown:
[url]http://www.webpagetest.org/[/url]
Here are WebPage Test results of my home page (before/after are the same):
Load Time: 1.595s
First Byte: 0.571s
Start Render: 1.059s
So if you too can run suEXEC as easily - without slowing down your website - so let turn it on, suEXEC is an excellent tool against piracy.
Lee Li Pop
Thanks.
Hello Gginorio,
One reason to use suEXEC is to restrict access to the sensitive information such as passwords.
The CS-Cart most important file is the “config.php” file, containing your database password, username, etc… and the “AUTH_CODE” needed and asked when you reinstall CS-Cart.
To restrict access to your “config.php” file, you must set the permissions for this file that includes the passwords to “700”. Changing permissions can be done by using the “chmod”.
However, without suEXEC this is not always possible to set permissions to “700” on some important and sensible files (depending of your web hosting company rules).
With suEXEC, I can set the permissions for “config.php” to “700” and up to “400”. I set permission to “400”, in this way the owner alone can read and accessed to this file.
I was using cgiwrap before, but Pair.com write a caution about cgiwrap:
[QUOTE]Please note that if you use cgiwrap on many of your files, this could cause a slow down in server performance and thus a potential slowdown in the performance of your Web site.[/QUOTE]
source: [url]http://www.pair.com/support/knowledge_base/authoring_development/system_cgi_cgiwrap.html[/url]
Unlike to cgiwrap, with suEXEC, I note none visual or felt slowing down.
Even on a big page like a request displaying a full list of 114 products of a manufacturer on one single page.
Under same request charge, cgiwrap fails to display the page. suEXEC succeed as quickly as without suEXEC 
So, I choose to keep suEXEC, increasing my security level in the same way.
Thanks to suEXEC, I set permission to my whole PHP and TPL files to “400”, increasing my safety, making any attempt of piracy a lot more complicated and difficult.
Internet security, like website optimizing, is an ongoing task!
I’m at Pair.com for 10 year now! Guess why…
Lee Li Pop
Lee - hidden advertising? Again and again…
[quote name=‘Noman’]Lee - hidden advertising? Again and again…[/quote]
I wouldn’t be too concerned Noman, We all know what happens when people take advantage of our community. Suffice to say it’s not exactly pretty.
Hello Noman,
[quote name=‘Noman’]Lee - hidden advertising? Again and again…[/QUOTE]
I just want to show you:
1 - How security is important
2 - How it’s easy to set a high security layer
I know, every worthy web hosting companies offer this “free, fast and easy to set up” security level.
So this is why it’s NOT a hidden advertising, just a “reminder to Turn ON suEXEC on your website”
Oh… A last word:
After having “Turn ON suEXEC”, remember to CHMOD to “400” your important files!
If you don’t know how to do, ask your web hosting support!
Lee Li Pop
Lee
You have stopped advertising your website or having a link to it. This says it all. The only thing you recently do is hidden advertising of your favourite company in almost every post you submit. Am I wrong? I just think you take advantage of this forum. I prefer your posts from the past.
No worries about my VPS. suExec is turned on on my server since I have it. It gave me some problems in the beginning but it’s all sorted. It is not for everyone and not for every PHP script or configuration. Same with Suhosin - not for everyone.
The bottom line is, if you’re going with your own VPS, think twice if you have enough time and knowledge to play with it and tweak it. If you decide to go with managed VPS, ensure there are no idiots on the other side, who apply same settings for every server and when in trouble, they blame your script.
Your favourite company is nothing special when comparing them to dozens of others. I never heard about them in the past and had a look recently, but I would rate them - average.
However, other hosting companies have bigger budgets for advertisement and that’s why we hear about them, where “P” have you to do the job here and there For a small commission of course.
Hello Noman,
[quote name=‘Noman’]For a small commission of course.[/QUOTE]
No. A big one: $1M 
[quote name=‘Noman’]You have stopped advertising your website or having a link to it. This says it all. The only thing you recently do is hidden advertising of your favourite company in almost every post you submit. Am I wrong? I just think you take advantage of this forum.[/QUOTE]
For free? Yes! And…
For Love!
Love is All Noman, Love is All
Much more, Love is rock solid, faithful and filled with loyalty, because I’m with Pair for 10 years!
[quote name=‘Noman’]I prefer your posts from the past.[/QUOTE]
Please, have a look on this new one:
[url]http://forum.cs-cart.com/showthread.php?p=97219#post97219[/url]
Folllow my advice:
Your website will be faster!
You’re nice Noman!
Noman, could you please tell me if you have a VPS?
If so, are you happy with?
Lee Li Pop
Noman, with all of this talk of Love, I think Lee Li now has a crush on you!
You have this ability to warm the hearts of all the ladies it appears, even Lee Li!