Simple Machines Community Forum

Archived Boards and Threads... => Archived Boards => SMF Feedback and Discussion => Topic started by: setuptips - December 09, 2007, 04:13:19 AM

Title: Best Practice Security modifications after install.
Posted by: setuptips - December 09, 2007, 04:13:19 AM
Hi

I was wondering if anyone had some tips on best practice security modifications to make to an SMF install?

e.g. recommended .htaccess changes, etc. etc.
Title: Re: Best Practice Security modifications after install.
Posted by: H - December 09, 2007, 05:51:27 AM
Once you've installed any themes / mods I'd recommend you make everything read-only (chmod 666) except for the attachments folder :)
Title: Re: Best Practice Security modifications after install.
Posted by: 青山 素子 - December 09, 2007, 12:45:24 PM
Read-only is 444, actually.
Title: Re: Best Practice Security modifications after install.
Posted by: H - December 09, 2007, 03:07:26 PM
Think I actually meant 555 (read+execute).
Title: Re: Best Practice Security modifications after install.
Posted by: 青山 素子 - December 10, 2007, 12:50:33 AM
That would work fine as well, but I recommend not setting execute on files. If the host has Apache's XBit Hack (http://httpd.apache.org/docs/1.3/mod/mod_include.html#xbithack) enabled, there is a slight chance of a possible security issue.

Execute on directories is required, as having that set means you can go into them.
Title: Re: Best Practice Security modifications after install.
Posted by: Ben_S - December 11, 2007, 06:33:04 AM
Simplest option is to use the feature built into the package manager.

Admin > Packages > Options > Cleanup Permissions > Change all file permissions throughout the forum such that: The minimum files are writable.
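
Added example, not part of any post in this thread: shell functions that apply the scheme discussed above (files 444 with no execute bit, directories 555 because execute is needed to enter them, the attachments folder left writable) and audit a tree for paths that break it. It assumes PHP runs as the owner of the forum files; the function names and the sample tree in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes PHP runs as the owner of the forum files; the function
# names and the sample tree in demo() are constructed for illustration.

# harden_tree ROOT [WRITABLE_SUBDIR]: files 444, directories 555,
# WRITABLE_SUBDIR (default: attachments) left owner-writable at 755.
harden_tree() {
    root=$1; writable=${2:-attachments}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    # No execute bit on files: nothing for XBitHack to act on.
    find "$root" -type f -exec chmod 444 {} +
    # Directories keep execute (traversal) but lose write.
    find "$root" -type d -exec chmod 555 {} +
    if [ -d "$root/$writable" ]; then chmod 755 "$root/$writable"; fi
}

# audit_tree ROOT [WRITABLE_SUBDIR]: print every path outside WRITABLE_SUBDIR
# that breaks the scheme (file with a write or execute bit, writable directory).
audit_tree() {
    root=$1; writable=${2:-attachments}
    find "$root" -path "$root/$writable" -prune -o \
        \( -type f \( -perm -0200 -o -perm -0020 -o -perm -0002 \
            -o -perm -0100 -o -perm -0010 -o -perm -0001 \) -print \) -o \
        \( -type d \( -perm -0200 -o -perm -0020 -o -perm -0002 \) -print \)
}

# demo: build a throwaway tree, show findings before and after hardening.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/forum/Sources" "$tmp/forum/attachments"
    echo '<?php' > "$tmp/forum/index.php"
    chmod 755 "$tmp/forum/index.php"      # stray execute bit
    chmod 777 "$tmp/forum/Sources"        # world-writable directory
    echo "before:"; audit_tree "$tmp/forum"
    harden_tree "$tmp/forum"
    echo "after:";  audit_tree "$tmp/forum"
    chmod -R u+w "$tmp"; rm -rf "$tmp"
}
```

Pass the forum root without a trailing slash so the attachments path is pruned correctly. Installing a mod or theme later needs write access again, so re-run `harden_tree` afterwards.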