> Security trick #1:
> You can try this trick,
>
> make a directory called secure under /modules/include
> copy global_settings to the /modules/include/secure directory
>
> in the secure directory create a .htaccess to include this line:
> deny from all
Why do you need to move the global_settings file? Why not block access
to the entire modules directory?
> Then edit your index.php3 to reflect the change made.
> /*
> ** get global settings
> */
> include(APPLICATION_ROOT . "/modules/include/global_settings");
>
> Change it to
> /*
> ** get global settings
> */
> include(APPLICATION_ROOT . "/modules/include/secure/global_settings");
>
> Security trick #2:
>
> If you are using Linux or BSD, use ipchains to block incoming connections to
> port 3306. Use portsentry or nmap to scan for open TCP and UDP
> connections, and block where appropriate.
What does this do? I can understand limiting the daemons (services) you
provide, is that what you are suggesting?
> Security trick #3:
>
> To prevent compromise of your web-based admin account, use https when you
> come to the web-based logon for username and password. It'll prevent
> people from sniffing your password.
This is a good idea. We have often thought about making this the
default, however, making it the default would slightly inconvenience
non-admin users.
-jj
--
Shannon -jj Behrens * Web Engineer * CLEAR INK
Imagination is the only real medium(sm)
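
An added example, not part of the original thread or of the project's code: a check that a settings file under the web root is covered by a deny-all .htaccess, either in its own directory (trick #1) or in a parent such as the whole modules directory (the question raised in the reply). The function names and the temporary directory tree are constructed for illustration, and the Apache 2.4 form "Require all denied" is accepted in addition to the line shown in the post.

```python
import re
import tempfile
from pathlib import Path

# Apache 2.2 "deny from all" (the line in the post) or the 2.4 form "Require all denied".
# Commented-out lines do not match because the directive must start the line.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def denying_htaccess(docroot: Path, target: Path):
    """Return the nearest .htaccess between target's directory and docroot
    that contains a deny-all line, or None if no such file covers target."""
    docroot, directory = docroot.resolve(), target.resolve().parent
    if directory != docroot and docroot not in directory.parents:
        raise ValueError(f"{target} is not under {docroot}")
    while True:
        candidate = directory / ".htaccess"
        if candidate.is_file() and DENY_RE.search(candidate.read_text(errors="replace")):
            return candidate
        if directory == docroot:
            return None
        directory = directory.parent

def build_sample_tree(root: Path, protect: str) -> Path:
    """Constructed layout mirroring the post. protect is 'none', 'secure' or 'modules'."""
    include = root / "modules" / "include"
    settings_dir = include / "secure" if protect == "secure" else include
    settings_dir.mkdir(parents=True)
    settings = settings_dir / "global_settings"
    settings.write_text("<?php /* constructed placeholder settings */ ?>\n")
    if protect == "secure":      # trick #1: dedicated directory with its own .htaccess
        (settings_dir / ".htaccess").write_text("deny from all\n")
    elif protect == "modules":   # the reply's alternative: block the whole modules tree
        (root / "modules" / ".htaccess").write_text("deny from all\n")
    return settings

def check_layout(protect: str) -> bool:
    """Build the constructed tree and report whether global_settings is covered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        return denying_htaccess(root, build_sample_tree(root, protect)) is not None

if __name__ == "__main__":
    for layout in ("none", "secure", "modules"):
        print(f"{layout:8} -> covered by deny-all: {check_layout(layout)}")
```

This only inspects the files on disk: Apache honours .htaccess only where AllowOverride permits it, and a more specific directive elsewhere in the configuration can still re-allow access, so confirm the result with an actual HTTP request to the settings file.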
------------------------------------------------------------
Site: http://www.working-dogs.com/freetrade/