On Wed, 8 Mar 2000, Shannon -jj Behrens wrote:
> > Security trick #1:
> > You can try this trick,
> >
> > Make a directory called secure under /modules/include and
> > copy global_settings to the /modules/include/secure directory.
> >
> > In the secure directory, create a .htaccess that includes this line:
> > deny from all
> Why do you need to move the global_settings file? Why not block access
> to the entire modules directory?
That's a better idea.
>
> > Then edit your index.php3 to reflect the change made.
> > /*
> > ** get global settings
> > */
> > include(APPLICATION_ROOT . "/modules/include/global_settings");
> >
> > Change it to
> > /*
> > ** get global settings
> > */
> > include(APPLICATION_ROOT . "/modules/include/secure/global_settings");
> >
> > Security trick #2:
> >
> > If you are using Linux or BSD, use ipchains to block incoming connections to
> > port 3306. Use portsentry or nmap to scan for open TCP and UDP
> > ports, and block where appropriate.
> What does this do? I can understand limiting the daemons (services) you
> provide, is that what you are suggesting?
There was a bug in the lose. People on the outside can do a "telnet
hostname 3306" to connect. Most people connect to their database
locally or internally. It's best to block this from the outside. Or you
can use a tcpserver wrapper to limit the IPs that have access to the
daemon. That's great as well.
>
> > Security trick #3:
> >
> > To prevent compromise of your web-based admin account, use https when you
> > come to the web-based logon for username and password. It'll prevent
> > people from sniffing your password.
> This is a good idea. We have often thought about making this the
> default, however, making it the default would slightly inconvenience
> non-admin users.
>
> -jj
>
>
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Site: http://www.working-dogs.com/freetrade/
Problems?: [EMAIL PROTECTED]
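The following is an added check, not code from the thread or from the FreeTrade project, that verifies the point made under trick #1: a settings file that is not a PHP script (here the thread's global_settings) is served as plain text unless it, or one of its parent directories up to the document root, carries a deny-all .htaccess. Because .htaccess directives apply to subdirectories, a single "deny from all" in modules/ covers modules/include and modules/include/secure alike, which is why blocking the whole modules directory works. The directory layout, the SENSITIVE_NAMES list and the sample file contents are constructed for the demo and are assumptions, not taken from the project.

```python
import os
import re
import tempfile

# Directives that refuse all web access to a directory: Apache 2.2 "Deny from all"
# and the Apache 2.4 equivalent "Require all denied". Matched case-insensitively,
# one directive per line.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

# Assumed names of include files that hold settings/credentials but are not PHP
# scripts, so the web server would hand them out verbatim on a direct request.
SENSITIVE_NAMES = ("global_settings", "global_setting")


def htaccess_denies(directory):
    """True if directory/.htaccess exists and contains a deny-all directive."""
    path = os.path.join(directory, ".htaccess")
    try:
        with open(path) as f:
            return DENY_RE.search(f.read()) is not None
    except OSError:
        return False


def protected_by_ancestor(docroot, directory):
    """True if directory, or any parent up to and including docroot, denies all access."""
    docroot = os.path.abspath(docroot)
    cur = os.path.abspath(directory)
    while True:
        if htaccess_denies(cur):
            return True
        if cur == docroot:
            return False
        parent = os.path.dirname(cur)
        if parent == cur:  # reached filesystem root without hitting docroot
            return False
        cur = parent


def find_exposed(docroot):
    """Return docroot-relative paths (forward slashes) of sensitive files reachable by a web request."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name in SENSITIVE_NAMES and not protected_by_ancestor(docroot, dirpath):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)


def demo():
    """Build a constructed tree like the one in the thread and run the check before and after the fix."""
    root = tempfile.mkdtemp()
    inc = os.path.join(root, "modules", "include")
    os.makedirs(inc)
    with open(os.path.join(inc, "global_settings"), "w") as f:
        f.write("$db_pass = 'example';\n")  # constructed sample content, not a real credential
    before = find_exposed(root)
    # The fix suggested in the reply: deny the entire modules directory rather than
    # moving the file. The directive is inherited by every subdirectory.
    with open(os.path.join(root, "modules", ".htaccess"), "w") as f:
        f.write("deny from all\n")
    after = find_exposed(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("exposed before fix:", before)
    print("exposed after fix: ", after)
```

The check only reflects what the .htaccess files say; Apache honours them only where the directory's AllowOverride setting permits Limit (2.2) or AuthConfig/All (2.4), so confirm that in httpd.conf as well, and on 2.4 use "Require all denied" rather than the 2.2 "deny from all" syntax unless mod_access_compat is loaded.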