In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!


Viewing Issue Simple Details
ID: 0000180
Category: [In-Portal CMS] Install / Upgrages
Type: feature request
Reproducibility: N/A
Date Submitted: 2009-08-04 18:40
Last Update: 2009-10-03 07:56
Reporter: Dmitry
View Status: public
Assigned To: alex
Priority: normal
Resolution: fixed
Status: closed
Summary: 0000180: Add "Security Check" Step to Installation process
Description: Add "Security Check" Step to Installation process, after Theme selection.

1. Permissions Check:

- /index.php (Secure (in green) or Vulnerable)
- /config.php (Secure (in green) or Vulnerable)
- /admin/index.php (Secure (in green) or Vulnerable)

Message for users (don't include this line):

[MESSAGE IN RED]
For security reasons it's highly recommended to set 755 permissions on the above files to prevent hacking attempts.
[/MESSAGE IN RED]


2. Executing PHP in writable folders:

- Result of creating and executing PHP file(s) in /system (or /system/images) (Secure (in green) or Vulnerable (in red))

Message for users if Failed (don't include this line):

[MESSAGE IN RED]
For security reasons it's highly recommended to disable access to (execution of) PHP files within the /system folder and its subfolders.
[/MESSAGE IN RED]

You can do this by:

- changing your httpd.conf file to deny requests for all *.php files.

- renaming .htaccess-sample (located in /system) to .htaccess so it overrides default Apache settings.

Note that "AllowOverride LIMIT" option should be enabled by your host.
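
The two checks requested in this issue, written as a shell audit an administrator could run against an installed site. This is an added example, not In-Portal installer code; the function names, the "Missing" and "Unknown" statuses, the probe file name, and the rule that "Secure" means no group or world write bit are assumptions.

```sh
#!/bin/sh
# Added example (not In-Portal code): audit for the two checks in this issue.

# Check 1. Assumption: "Secure" = file exists and is not writable by group
# or others (755 or stricter); the issue itself only recommends 755.
perm_status() {  # $1 = path to file
    [ -f "$1" ] || { echo "Missing"; return; }
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "Vulnerable"
    else
        echo "Secure"
    fi
}

# Check 2. Classify the HTTP response to a probe file. Only a body holding
# the computed value (which never appears in the source) proves execution.
probe_status() {  # $1 = response body, $2 = expected computed value
    case "$1" in
        *"$2"*) echo "Vulnerable" ;;
        *)      echo "Secure" ;;
    esac
}

security_check() {  # $1 = install root, $2 = site base URL (optional)
    for f in index.php config.php admin/index.php; do
        printf '%-20s %s\n' "/$f" "$(perm_status "$1/$f")"
    done
    [ -n "$2" ] || return 0
    probe="$1/system/probe_$$.php"   # hypothetical probe file name
    # The source contains "6*7"; executed output contains "42".
    printf '%s' '<?php echo "inportal-probe-", 6*7; ?>' > "$probe" || return 1
    if body=$(curl -s --max-time 10 "$2/system/probe_$$.php"); then
        result=$(probe_status "$body" "inportal-probe-42")
    else
        result="Unknown"             # server unreachable: report no verdict
    fi
    rm -f "$probe"
    printf '%-20s %s\n' "/system (PHP exec)" "$result"
}

# Usage: security_check /var/www/in-portal http://localhost
```

A response that returns the raw source or an error page counts as Secure because the computed value is absent; a failed request is reported as Unknown rather than Secure.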
