In-Portal Issue Tracker - In-Portal CMS
Viewing Issue Advanced Details
ID: | Category: | Type: | Reproducibility: | Date Submitted: | Last Update: |
180 | [In-Portal CMS] Install / Upgrages | feature request | N/A | 2009-08-04 18:40 | 2009-10-03 07:56 |
Reporter: | Dmitry | Platform: |
Assigned To: | alex | OS: |
Priority: | normal | OS Version: |
Status: | closed | Product Version: | 5.0.0
Product Build: | | Resolution: | fixed
ETA: | none | Fixed in Version: | 5.0.1
Reference: |
Change Log Message: |
Estimate Points: | 0
Summary: | 0000180: Add "Security Check" Step to Installation process
Description: |
Add "Security Check" Step to Installation process, after Theme selection.

1. Permissions Check:
- /index.php (Secure (in green) or Vulnerable)
- /config.php (Secure (in green) or Vulnerable)
- /admin/index.php (Secure (in green) or Vulnerable)

Message for users (don't include this line):
[MESSAGE IN RED]
For security reasons it's highly recommended to set 755 permissions on above files to prevent hacking attempts.
[/MESSAGE IN RED]

2. Executing PHP in writable folders:
- Result of creating and executing PHP file(s) in /system (or /system/images) (Secure (in green) or Vulnerable (in red))

Message for users if Failed (don't include this line):
[MESSAGE IN RED]
For security reasons it's highly recommended to disable the access (execution) to PHP files within /system folder and its subfolders.
[/MESSAGE IN RED]

You can do this by:
- changing your httpd.conf file to deny requests for all *.php files.
- renaming .htaccess-sample (located in /system) to .htaccess so it overrides default Apache settings. Note that "AllowOverride LIMIT" option should be enabled by your host.

Steps To Reproduce: |
Check whether PHP file(s) can be created/executed in /system and/or /system/images folders. As was suggested let's use cURL for these tests.
Additional Information: |
Relationships |
Attached Files: |
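The two checks requested above, written as a standalone shell script; this is an added example, not In-Portal's installer code or the attached changesets. It assumes "Secure" means no group or world write bit (755 satisfies that), and the function names, probe file name and `ipchk-` token are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: self-audit of an installation you administer.

# 1. Permissions check. Assumption: Secure = neither group nor others can write.
perm_status() {  # $1 = file path
  [ -e "$1" ] || { echo "Missing"; return; }
  case "$(ls -ldL -- "$1" | cut -c1-10)" in
    ?????w*|????????w*) echo "Vulnerable" ;;  # group (col 6) or other (col 9) write
    *)                  echo "Secure" ;;
  esac
}

# 2. Classify the HTTP body returned for the probe file.
classify_probe() {  # $1 = response body, $2 = token only PHP could compute
  case "$1" in
    *"<?php"*) echo "Secure" ;;      # source came back verbatim: not executed
    *"$2"*)    echo "Vulnerable" ;;  # PHP ran inside the writable folder
    *)         echo "Secure" ;;      # 403/404/empty: request was denied
  esac
}

# Create a probe in the writable folder, fetch it with cURL, always remove it.
check_php_exec() {  # $1 = folder on disk, $2 = public URL of that folder
  local a=$RANDOM b=$RANDOM body rc name="ipchk_$$_$RANDOM.php"
  # The source holds the two addends, never the sum, so the sum proves execution.
  printf '<?php echo "ipchk-" . (%d + %d);\n' "$a" "$b" > "$1/$name" \
    || { echo "Unwritable"; return; }
  body=$(curl -s --max-time 10 "$2/$name"); rc=$?
  rm -f -- "$1/$name"
  [ "$rc" -eq 0 ] || { echo "Unknown"; return; }  # server unreachable: no verdict
  classify_probe "$body" "ipchk-$((a + b))"
}

# Usage: security_check.sh <docroot> <base-url>   (both are placeholders)
if [ "$#" -eq 2 ]; then
  for f in index.php config.php admin/index.php; do
    echo "/$f: $(perm_status "$1/$f")"
  done
  for d in system system/images; do
    echo "/$d: $(check_php_exec "$1/$d" "$2/$d")"
  done
fi
```

A "Secure" result caused by the source coming back verbatim still means the server hands out file contents from that folder, so the deny rule from the description remains the cleaner end state.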
Issue History
Date Modified | Username | Field | Change
2009-10-03 07:56 | administrator | Note Added: 0000729 |
2009-10-03 07:56 | administrator | Status | resolved => closed
2009-09-18 07:22 | alex | Type | bug report => feature request
2009-09-18 07:22 | alex | Reproducibility | always => N/A
2009-08-05 11:02 | alex | Note Added: 0000252 |
2009-08-05 11:00 | alex | Fixed in Version | => 5.0.1
2009-08-05 10:59 | alex | Note Added: 0000251 |
2009-08-05 10:59 | alex | Status | reviewed and tested => resolved
2009-08-05 10:59 | alex | Resolution | open => fixed
2009-08-05 10:59 | alex | Changeset attached | 5.0.x r12199
2009-08-04 19:15 | Dmitry | Priority | critical => normal
2009-08-04 19:15 | Dmitry | Priority | normal => critical
2009-08-04 18:55 | Dmitry | Category | Security => Install / Upgrages
2009-08-04 18:44 | Dmitry | Changeset attached | 5.0.x r12175
2009-08-04 18:43 | Dmitry | Changeset attached | 5.0.x r12174
2009-08-04 18:40 | Dmitry | New Issue |
2009-08-04 18:40 | Dmitry | Status | active => reviewed and tested
2009-08-04 18:40 | Dmitry | Assigned To | => alex
Notes