Shulou(Shulou.com)06/02 Report--

This article is to share with you about how DedeCMS makes security settings. The editor thought it was very practical, so I shared it with you as a reference. Let's follow the editor and have a look.

How does DedeCMS set up security?

If your website data is very important (not the kind of garbage dump that can be done in two days), users of DedeCms V5.3Compact 5.5Compact 5.6 are recommended to follow the security steps described in this article.

Recommended study: dream weaving cms

1. Directory permissions

We do not recommend that users set the column directory in the root directory, because it will be very troublesome to set security in this way. By default, after the installation is completed, the directory is set as follows:

(1) set read / write permissions to the html directory of data, templets, uploads, an or 5.3.

(2) if there is no need for a special topic, it is recommended to delete the special directory. After generating the HTML, delete the special/index.php and then set the directory to read / write, unexecutable permission.

(3) include, member, plus, background management directories are set to executable scripts, readable, but not writable (book, ask, company, group directories with add-ins are also set).

2. other problems that should be paid attention to

(1) although the install directory has been strictly handled, for security reasons, we still recommend that it be deleted.

(2) do not directly use the permissions of MySQL root users for websites. Set up an independent MySQL user account for each website. The permissions are as follows:

SELECT, INSERT, UPDATE, DELETE

CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES

Since Dede does not use stored procedures anywhere, it is important to disable permissions for FILE, EXECUTE, and so on to perform stored procedures or file operations.

3. How to set the permissions of the directory?

For users who can use Linux, I believe most of them already know these things. For IIS users, please take a look at the following figure:

(1) set the directory to read-only

Copy permission

Figure-1: copy permissions

Set to read-only

Figure-2: set to read-only

(2) setting does not allow script execution

Setting does not allow script execution

Figure-3: setting does not allow script execution

It is also important to note that neither IIS nor Apache should add .php and .inc files to mime, which will prevent them from being downloaded.

However, only the above settings are not enough. Server security settings are more important. If you are often hung up by the horse, you can find us to solve the problem. Do not hang up the horse. The download address of server-related software is s.jb51.net.

Attached:

1.Apache site Security Settings

If it is under Windows2003, you can do the following to Apache:

1.1. Create an account in the local users and groups in the computer management, for example: DedeApache, set the password to DedeApachePWD, and join the guests group (if there is a problem, you can give user permission)

1.2. Open start-> Administrative tools-> Local Security Policy, select "Log in as a Service" in "user Rights assignment", and add DedeApache users.

1.3. In computer management, select the service, find apache2.2, stop the service first, right-click-> attribute, select login, switch the checkbox from the local system account to this account, then find and select DedeApache, enter the password DedeApachePWD, and then click OK (at this time apache can not start normally, the general situation will definitely report an error: Apache2.2 service stops due to 1 (0x1) service error. )

1.4. Give read and write permissions to DedeApache accounts in apache installation directories (such as D:/apache2.2) and web directories (such as D:/wwwroot), remove all permissions in each disk root directory except administror and system, and grant readable column directory permissions to the apache account in the disk root directory where the DedeApache installation directory is located

We can add the following to the site configuration:

The code is as follows:

Order Allow,Deny Deny from all

Here, the script execution permission of the corresponding directory is cancelled.

2.data directory path change

In addition, in DedeCMS V5.7, users can also set the data directory to a non-web access directory at a higher level. The basic operations are as follows:

2.1. Move the data directory to the directory one level above, and cut it directly here.

2.2. Configure the DEDEDATA file in include/common.inc.php

The code is as follows:

Define ('DEDEDATA', DEDEROOT.'/data')

It can be changed to a class such as:

The code is as follows:

Define ('DEDEDATA', DEDEROOT.'/../../data')

2.2.3. Set template cache path in the background

Thank you for reading! On the DedeCMS security settings to share here, I hope that the above content can be of some help to you, so that you can learn more knowledge. If you think the article is good, you can share it and let more people see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.