Security trick #1:
You can try this trick,
make a directory called secure under /modules/include
copy global_setting to /modules/include/secure directory
in the secure directory create a .htaccess to include this line:
deny from all
Then edit your index.php3 to reflect the change made.
/*
** get global settings
*/
include(APPLICATION_ROOT . "/modules/include/global_settings");
Change it to
/*
** get global settings
*/
include(APPLICATION_ROOT . "/modules/include/secure/global_settings");
Security trick #2:
If you are using Linux or BSD use ipchains to block incoming connection of
port 3306. Use portsentry or nmap to scan for open TCP and UDP
connection. And block where appropriate.
Security trick #3:
To prevent compromising of your web based admin account. When you come to
the web based logon for username and password, use https. It'll prevent
people from sniffing your password.
Kent
On Wed, 8 Mar 2000, Roland Munyard wrote:
>
> about to unpack and install, It just seems that looking at the directory
> structure anyone will be able to see my password and config details in
> /modules/include/global_setting
>
> My directory structure looks
> ../roland/public_html/shop/ <-- This is where I think I should
> unpack it,
> ../roland/bin/ <-- This is where I would
> prefer to unpack it , with a link to shop or something
>
> so where should I unpack ? What does a neat layout look like.
>
> Thanks Roland.
>
>
>
> ------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Site: http://www.working-dogs.com/freetrade/
> Problems?: [EMAIL PROTECTED]
>
>
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Site: http://www.working-dogs.com/freetrade/
Problems?: [EMAIL PROTECTED]
