Shulou(Shulou.com)06/02 Report--

The editor would like to share with you how to set up the security of the dream weaving server environment. I believe most people don't know much about it, so share this article for your reference. I hope you will learn a lot after reading this article. Let's learn about it!

How to set the security of dream server environment?

Dream weaving DedeCMS server environment security settings

Recommended study: dream weaving cms

Nowadays, the Internet environment is becoming more and more severe, and security has always been a problem that can not be ignored by program developers and webmasters. How to choose an easy-to-use and secure program and how to build a secure server environment have always been eagerly desired by the majority of webmasters. This article combines server and DedeCMS to configure a safe environment for use.

1. Directory permissions

We do not recommend that users set the column directory in the root directory, because it will be very troublesome to set security in this way. By default, after the installation is completed, the directory is set as follows:

(1) set read / write permissions to the html directory of data, templets, uploads, an or 5.3.

(2) if there is no need for a special topic, it is recommended to delete the special directory. After generating the HTML, delete the special/index.php and then set the directory to read / write, unexecutable permission.

(3) include, member, plus, background management directories are set to executable scripts, readable, but not writable (book, ask, company, group directories with add-ins are also set).

2. other problems that should be paid attention to

(1) although the install directory has been strictly handled, for security reasons, we still recommend that it be deleted.

(2) do not directly use the permissions of MySQL root users for websites. Set up an independent MySQL user account for each website. The permissions are as follows:

SELECT, INSERT, UPDATE, DELETE

CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES

Since DEDE does not use stored procedures anywhere, it is important to disable permissions for FILE, EXECUTE, and so on to perform stored procedures or file operations.

3. How to set the permissions of the directory?

For users who can use Linux, I believe most of them already know these things. For IIS users, please take a look at the following figure:

3.1 set directory to read-only permission

Copy the permissions first

Set directory to read-only permission

3.2 setting the directory does not allow script execution

It is also important to note that neither IIS nor Apache should add .php and .inc files to mime, which will prevent them from being downloaded.

4. Apache site security settings

If it is under Windows2003, you can do the following to Apache:

4.1 create an account in the local users and groups in the computer management, such as DedeApache, set the password to DedeApachePWD, and join the guests group (if there is a problem, you can give user permission)

4. 2 Open start-> Administrative tools-> Local Security Policy, select "Log in as a Service" in "user Rights assignment", and add DedeApache users.

4.3. In computer management, select the service, find apache2.2, stop the service first, right-click-> attribute, select login, switch the checkbox from the local system account to this account, then find and select DedeApache, enter the password DedeApachePWD, and then click OK (at this time apache can not start normally, generally there will be an error: Apache2.2 service is stopped due to 1 (0 × 1) service error. )

4.4. Give read and write permissions to DedeApache accounts in apache installation directories (such as D:/apache2.2) and web directories (such as D:/wwwroot), remove all permissions in each disk root directory except administror and system, and grant readable column directory permissions to the apache account in the disk root directory where the DedeApache installation directory is located

We can add the following to the site configuration:

Order Allow,Deny Deny from all Order Allow Deny Deny from all

Here, the script execution permission of the corresponding directory is cancelled.

5. Data directory path change

In addition, in DedeCMS V5.7, users can also set the data directory to a non-web access directory at a higher level. The basic operations are as follows:

5.1. Move the data directory to the directory one level above, and cut it directly here.

5.2. Configure the DEDEDATA file in include/common.inc.php

Define ('DEDEDATA', DEDEROOT.'/data')

It can be changed to a class such as:

Define ('DEDEDATA', DEDEROOT.'/../../data')

5. 3. Set template cache path in the background

The above is all the contents of the method of setting up the security of the dream server environment, thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.