Viewing Issue Simple Details
ID | Category | Type | Reproducibility | Date Submitted | Last Update
0000180 | [In-Portal CMS] Install / Upgrages | feature request | N/A | 2009-08-04 18:40 | 2009-10-03 07:56
Reporter | Dmitry | View Status | public
Assigned To | alex
Priority | normal | Resolution | fixed
Status | closed
Summary | 0000180: Add "Security Check" Step to Installation process
Description |
Add "Security Check" Step to Installation process, after Theme selection.

1. Permissions Check:
- /index.php (Secure (in green) or Vulnerable)
- /config.php (Secure (in green) or Vulnerable)
- /admin/index.php (Secure (in green) or Vulnerable)

Message for users (don't include this line):
[MESSAGE IN RED]
For security reasons it's highly recommended to set 755 permissions on above files to prevent hacking attempts.
[/MESSAGE IN RED]

2. Executing PHP in writable folders:
- Result of creating and executing PHP file(s) in /system (or /system/images) (Secure (in green) or Vulnerable (in red))

Message for users if Failed (don't include this line):
[MESSAGE IN RED]
For security reasons it's highly recommended to disable the access (execution) to PHP files within /system folder and its subfolders.
[/MESSAGE IN RED]

You can do this by:
- changing your httpd.conf file to deny requests for all *.php files.
- renaming .htaccess-sample (located in /system) to .htaccess so it overrides default Apache settings. Note that "AllowOverride LIMIT" option should be enabled by your host.
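The two checks requested above, as an added PHP sketch that is not part of the issue and not In-Portal's own code. The function names, the "no group/other write bit" rule for Secure, the probe file name and the Missing / Not tested results are assumptions; the demo tree and the stub fetcher are constructed so the script runs offline.

```php
<?php
// Permissions check. Assumed rule: "Secure" = no group/other write bit (755 passes).
function check_permissions(string $root, array $files): array
{
    $result = [];
    foreach ($files as $rel) {
        clearstatcache(true, $root . $rel);
        $mode = @fileperms($root . $rel);
        if ($mode === false) {
            $result[$rel] = 'Missing'; // assumed extra status, not in the issue
        } else {
            $result[$rel] = ($mode & 0022) === 0 ? 'Secure' : 'Vulnerable';
        }
    }
    return $result;
}

// Execution check: write a probe into the folder, request it over HTTP, and
// report "Vulnerable" only if the response holds the value the PHP computes.
// $fetch is callable(string $url): string, so the HTTP call can be stubbed.
function check_php_execution(string $dir, string $baseUrl, callable $fetch): string
{
    $token = bin2hex(random_bytes(8));
    $name  = "probe_$token.php";
    $path  = rtrim($dir, '/') . '/' . $name;
    if (@file_put_contents($path, "<?php echo md5('$token');") === false) {
        return 'Not tested'; // folder is not writable by this process
    }
    try {
        $body = (string) $fetch(rtrim($baseUrl, '/') . '/' . $name);
    } finally {
        unlink($path); // never leave the probe behind
    }
    // Raw source served as text contains the token, not its md5, so it is not a hit.
    return strpos($body, md5($token)) !== false ? 'Vulnerable' : 'Secure';
}

// Constructed demo tree so the example runs offline.
$root = sys_get_temp_dir() . '/inportal_demo_' . bin2hex(random_bytes(4));
mkdir("$root/admin", 0755, true);
mkdir("$root/system", 0755, true);
foreach (['/index.php' => 0755, '/config.php' => 0666, '/admin/index.php' => 0755] as $f => $m) {
    file_put_contents($root . $f, "<?php\n");
    chmod($root . $f, $m);
}
print_r(check_permissions($root, ['/index.php', '/config.php', '/admin/index.php']));

// Stub for a server that refuses *.php under /system (constructed response).
$denied = function (string $url): string { return '403 Forbidden'; };
echo check_php_execution("$root/system", 'http://localhost/system', $denied), "\n";
```

On a live install, pass a fetcher that performs the real HTTP request against the site's /system URL, for example one built on file_get_contents() with an http stream context that sets ignore_errors and a timeout.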