Shulou(Shulou.com)06/02 Report--

How does empire cms security settings optimize? Many novices are not very clear about this. In order to help you solve this problem, the following small series will explain it in detail for everyone. Those who have this need can come to learn. I hope you can gain something.

First, let's take a look at Imperial CMS security certification features:

Empire Login Quadruple Security Verification:

The first heavy: password double MD5 encryption, password can not crack, if the database is downloaded, also can not get the real password.

The second layer: background directory custom, if the other side knows the password can not be found login background.

Third: If you know the password and background directory can not know the authentication code, authentication code storage.php file must log in FTP to view the file content.

Fourth: background login support custom specified independent domain name, do not use the specified domain name can not log in background.

Imperial COOKIE information five-fold security certification:

The first layer: system authentication using random password authentication, each login or exit will generate a new random password, no rules can be found, and authentication using database +COOKIE double authentication, safe and reliable.

The second layer: background login verification COOKIE variable prefix custom, even variable name do not know can not simulate COOKIE packet.

The third layer: COOKIE information uses COOKIE authentication code verification, information encryption uses double md5 encryption, cannot crack COOKIE authentication code, and COOKIE authentication code storage.php file must log in FTP to view file content.

The fourth layer: COOKIE information and login IP binding authentication, if COOKIE information is completely obtained and random password has not changed, do not know the login IP can not pass authentication.

Fifth: Verify whether the user logs in by file. If the COOKIE information is completely obtained and the random password is not changed, and the IP of the login is also known, the user cannot pass the authentication without being online.

Here's how Empire CMS is set up to be security optimized:

(Note: The following options are not required, only recommended for optimization.)

php configuration file php.ini Settings:

Magic_quotes_gpc is set to On

The magic is revealed.

Register_globals is set to Off

PHP global variables, this is recommended to be closed.

3. Display_errors is set to Off

Do not display PHP error messages, this setting has little impact on system security.

Empire website management system settings:

1. Modify the table prefix during installation

It is recommended to modify the table prefix when installing Empire CMS from scratch.

2. When installing the initial administrator account, do not use common names such as admin as administrator user names.

3, administrator password set more than 6 digits

Passwords consist of letters, numbers, underscores, and special characters.

4. Set login authentication code during installation

If the authentication code is not set during installation, you can modify the contents of the "$do_loginauth" variable in the e/class/config.php file. (Dreamweaver is recommended to prevent UTF8 encoded files from being converted to GBK)

The requested URL/e/was not found on this server.

Rename admin to a directory name that is difficult to guess and easy to remember.

6. Set background verification login IP

In order to take care of users whose Internet IP changes at any time, the login IP is not verified by default. If you want to enable login IP verification, you can modify the variable value of "$do_ckhloginip" in the e/class/config.php file to 1. (Dreamweaver is recommended to prevent UTF8 encoded files from being converted to GBK)

7. When exiting the system, click the exit login link in the background to exit

Log out of the system will automatically generate a new random password (to prevent the leakage of locally stored COOKIE information due to computer poisoning or network hijacking, and generate a new random password to make the leaked COOKIE information invalid).

8. Enable website security firewall.

Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.