Quoting Brandon Friedman <[EMAIL PROTECTED]>: > > Things like setting up a mysql database and NOT using root as the owner! >
AFAIK, the root MySQL password -is- relatively safe... but it still wouldn't hurt to create a dummy user with basic permissions to use for MySQL applications. > SSL, configuring I-Bays (should we use I-Bays for that > matter),.htaccess, mysql security! etc... What I have noticed as of late is a strong push to use the /opt directory and write a custom template fragment that aliases /opt/directoryname to a path in the main URI. e.g. in Dan Brown's HOWTo for PHP 2.0, the directory /opt/phpBB is aliased as www.yourdomain.com/phpBB. > > I understand that some apps do have security holes in them! But some > guide lines on securing SME are probably useful~ Agreed, but I'm sure you'll find a lot of what you seek to put together already done in snippets of howto's that are already out there. Check out Dan Brown's and Darrell May's howto's. They'll provide an excellent starting (and perhaps ending) point. -- Ari Novikoff Email: [EMAIL PROTECTED] Web: http://www.novikoff.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
