Best Practice Security modifications after install.

setuptips · joulukuu 09, 2007, 04:13:19 AP

Hi

I was wondering if anyone had some tips on best practice security modifications to make to a SMF install ?

eg. recommended .htaccess changes, etc etc.

H · joulukuu 09, 2007, 05:51:27 AP

Once you've installed any themes / mods I'd recommend you make everything read-only (chmod 666) except for the attachments folder

青山素子 · joulukuu 09, 2007, 12:45:24 IP

Read-only is 444, actually.

H · joulukuu 09, 2007, 03:07:26 IP

Think I actually meant 555 (read+execute).

青山素子 · joulukuu 10, 2007, 12:50:33 AP

That would work fine as well, but I recommend not setting execute on files. If the host has Apache's XBit Hack enabled, there is a slight chance of a possible security issue.

Execute on directories is required, as having that set means you can go into them.

Ben_S · joulukuu 11, 2007, 06:33:04 AP

Simplest option is to use the feature built into the package manager.

Admin > Packages > Options > Cleanup Permissions > Change all file permissions throughout the forum such that: The minimum files are writable.

Simple Machines Community Forum

Uutiset: