The Internet is becoming an increasingly hostile environment, and security has always been an issue that program developers and webmasters cannot ignore. How to choose a program that is both easy to use and safe, and how to build a secure server environment, are questions most webmasters want answered. This article walks through configuring a secure environment for DedeCMS together with the server it runs on.
1. Directory permissions
We do not recommend placing the category (column) directories in the web root, because securing them there is much more troublesome. After installation, the default directories should be set as follows:
(1) The data, templets, uploads and a directories (html in version 5.3): readable and writable, but not executable;
(2) If you do not need the special-topic feature, delete the special directory. If you do need it, delete special/index.php after generating the HTML and set the directory to readable and writable, but not executable;
(3) The include, member, plus and backend admin directories: script execution allowed, readable but not writable (if additional modules are installed, the book, ask, company and group directories are set the same way).
2. Other issues that need attention
(1) Although the install directory has been strictly processed, for safety we still recommend deleting it;
(2) Do not run a website directly with the MySQL root account. Set up a separate MySQL user for each website and grant it only these privileges:
SELECT, INSERT, UPDATE, DELETE
CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES
Since DedeCMS does not use stored procedures anywhere, make sure that FILE, EXECUTE and similar privileges, which allow stored-procedure and file operations, are not granted.
3. How to set the permissions of the directory?
Users who know Linux will mostly already know how to do this. IIS users should follow the screenshots below:
3.1 Set the directory to read-only permission
(Screenshot: first copy the existing permissions, then set the directory to read-only.)
3.2 Disallow script execution in the directory
Another thing to note: do not add .php or .inc as MIME types in IIS or Apache. It is the absence of a MIME mapping that stops the server from serving these files for download in directories where script execution is disabled.
4. Apache site security settings
If you are running Windows 2003, you can do the following for Apache:
4.1 In Computer Management -> Local Users and Groups, create an account, for example DedeApache with the password DedeApachePWD, and add it to the Guests group (if this causes problems, grant it the permissions of the Users group);
4.2 Open Start -> Administrative Tools -> Local Security Policy, select "Log on as a service" under "User Rights Assignment", and add the DedeApache user;
4.3 In Computer Management -> Services, find Apache2.2 and stop the service. Right-click -> Properties, open the Log On tab, switch the radio button from the Local System account to "This account", browse to and select DedeApache, enter the password DedeApachePWD, and click OK. (Apache cannot start normally at this point; it usually reports: "The Apache2.2 service terminated with service-specific error 1 (0x1)".)
4.4 Grant the DedeApache account read and write permission on the Apache installation directory (for example D:/apache2.2) and on the web directory (for example D:/wwwroot), and remove all permissions except Administrators and SYSTEM from the root directory of every disk. Then grant the DedeApache account Read and List Folder Contents permission on the root of the disk where Apache is installed.
We can add the following content in the site configuration:
<Directory "D:\dedecms\www\uploads">
    <FilesMatch ".php">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
<Directory "D:\dedecms\www\data">
    <FilesMatch ".php">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
<Directory "D:\dedecms\www\templets">
    <FilesMatch ".php">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
<Directory "D:\dedecms\www\a">
    <FilesMatch ".php">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
This has the same effect as removing script execution permission from those directories.
5. Change the data directory path
In addition, in DedeCMS V5.7 the data directory can be moved one level up, outside the web-accessible tree. The basic steps are:
5.1 Move the data directory to the parent directory (a plain cut and paste is enough);
5.2 Edit the DEDEDATA constant in include/common.inc.php, where
define('DEDEDATA', DEDEROOT.'/data');
can be changed to something like:
define('DEDEDATA', DEDEROOT.'/../../data');
5.3 Set the template cache path in the admin backend
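The checks from sections 1, 2 and 5 above can be scripted. The following audit script is an added example for this article, not DedeCMS code; it assumes the default directory names (including dede as the admin directory) and a Linux host, where "not writable" is checked as "not world-writable".

```shell
#!/bin/sh
# Added audit script (not part of DedeCMS): checks a DedeCMS web root against
# the hardening points in this article and reports what is still open.
# Assumed default layout: data/ templets/ uploads/ a/ html/ are write-only
# stores; include/ member/ plus/ dede/ (the admin directory) hold scripts.
STORE_DIRS="data templets uploads a html"
SCRIPT_DIRS="include member plus dede"
# Print one finding to stderr; the caller keeps the count.
finding() { printf 'FINDING: %s\n' "$1" >&2; }
# List PHP-like files (x.php, x.php.jpg, x.phtml) below a directory.
php_files() { find "$1" -type f \( -name '*.php*' -o -name '*.phtml' \); }
# dede_audit ROOT -> prints the number of findings on stdout.
dede_audit() {
  root=$1
  n=0
  # Section 2(1): the installer must be gone after setup.
  if [ -d "$root/install" ]; then
    finding "install/ still present; delete it"; n=$((n + 1))
  fi
  # Section 1(2): special/index.php goes once the HTML has been generated.
  if [ -f "$root/special/index.php" ]; then
    finding "special/index.php still present"; n=$((n + 1))
  fi
  # Section 1(1): store dirs hold no PHP; a .php under uploads/ is a classic webshell trace.
  for d in $STORE_DIRS; do
    [ -d "$root/$d" ] || continue
    php_files "$root/$d" | sed 's|^|FINDING: PHP file in store dir: |' >&2
    c=$(php_files "$root/$d" | wc -l | tr -d ' ')
    n=$((n + c))
  done
  # Section 1(3): script dirs are readable but not writable, i.e. nothing world-writable.
  for d in $SCRIPT_DIRS; do
    [ -d "$root/$d" ] || continue
    c=$(find "$root/$d" -perm -002 | wc -l | tr -d ' ')
    [ "$c" -gt 0 ] && finding "$c world-writable entries under $d/"
    n=$((n + c))
  done
  # Section 5: flag a web-accessible data/ whose DEDEDATA still points inside the web root.
  cfg=$root/include/common.inc.php
  if [ -d "$root/data" ] && [ -f "$cfg" ] && ! grep -q "DEDEDATA'.*\.\./" "$cfg"; then
    finding "data/ is web-accessible and DEDEDATA points inside the web root"
    n=$((n + 1))
  fi
  echo "$n"
}
# Usage: sh dede_audit.sh /path/to/wwwroot
if [ $# -gt 0 ]; then dede_audit "$1"; fi
```

The script prints one FINDING line per problem on stderr and the total count on stdout, so it can be run from cron and alerted on when the count is non-zero.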