Announcement

Collapse
No announcement yet.

Security Questions after Fresh Install

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wayne Luke
    replied
    Originally posted by kjmz
    Do you think it's really neccessary to password protect the "includes" directory. I want to be safe but I don't want the site down.
    It won't shut down the site because when the files are read for processing the system uses the filesystem permissions. .htaccess is specific to Apache and certain other webservers and only regulates what is done when a web browser tries to access a page.

    Leave a comment:


  • iardon
    replied
    It won't shut down the site. At least it didn't to mine.

    Leave a comment:


  • kjmz
    replied
    Do you think it's really neccessary to password protect the "includes" directory. I want to be safe but I don't want the site down.

    Leave a comment:


  • Still Waters
    replied
    Originally posted by RichM
    I also suggest password protecting /includes/ too.
    Done. Thanks, Rich.

    Leave a comment:


  • RichM
    replied
    Originally posted by iardon
    Newbie question....

    What can someone do with your database name/password from the config file? How bad is it if someone gets it?
    They could use a remote administration program that allows people to connect to MySQL databases and edit them. Sort of like phpmyadmin but not web based. Depending on your server configuration, they may also be able to connect other remotely hosted scripts to your database, and initiate queries from it.

    Leave a comment:


  • iardon
    replied
    Originally posted by RichM
    I also suggest password protecting /includes/ too. (It doesn't cause problems as one may think) Sometimes, an apache error can cause .php files to be served up as downloads, if this happens, people may be able to download config.php
    Newbie question....

    What can someone do with your database name/password from the config file? How bad is it if someone gets it?

    Leave a comment:


  • RichM
    replied
    I also suggest password protecting /includes/ too. (It doesn't cause problems as one may think) Sometimes, an apache error can cause .php files to be served up as downloads, if this happens, people may be able to download config.php

    Leave a comment:


  • Still Waters
    replied
    Originally posted by Steve Machol
    1. Don't delete any folders. Just delete the install* and upgarde* files in the install folder.
    Done. Thanks, Steve.

    Originally posted by Steve Machol
    2. Password protect your admincp and modcp folders.
    Done. Thanks, Steve.

    Originally posted by Wayne Luke
    Personally, I put htaccess authorization on the install folder as well as the admincp and modcp folders.
    Done. Thanks, Wayne.



    The includes folder contains the config.php file.
    Do these need a password?

    Thanks.

    Leave a comment:


  • Zachery
    replied
    No, inline moderation is done inline, and it has a very good security system in place.

    Leave a comment:


  • iardon
    replied
    If I put htaccess on the /modcp/ folder with that also protect inline moderation?

    I'd like to also protect inline moderation if possible.

    Leave a comment:


  • Wayne Luke
    replied
    Personally, I put htaccess authorization on the install folder as well as the admincp and modcp folders.

    Leave a comment:


  • Steve Machol
    replied
    Yes, delete only the files I stated.

    You can use htaccess to password protect a directory:

    http://www.sitedeveloper.ws/tutorials/htaccess.htm
    http://www.javascriptkit.com/howto/htaccess.shtml

    Leave a comment:


  • NO LIMIT
    replied
    Originally posted by Steve Machol
    1. Don't delete any folders. Just delete the install* and upgarde* files in the install folder.

    2. Password protect your admincp and modcp folders.


    How exactly do you Password Protect these Folders?

    Johnny

    Leave a comment:


  • NO LIMIT
    replied
    Originally posted by Steve Machol
    1. Don't delete any folders. Just delete the install* and upgarde* files in the install folder.

    2. Password protect your admincp and modcp folders.

    Mr. Machol,

    In the Install Folder there are:

    (2) Install PHP Files
    (31) Upgrade PHP Files

    So your information for Security Purposes is to DELETE these PHP Files???


    Johnny

    Leave a comment:


  • Steve Machol
    replied
    No. If those needed deleting I would have mentioned it.

    Leave a comment:

Related Topics

Collapse

Working...
X