How to set up security in DedeCMS?
Users of DedeCMS V5.3/5.5/5.6: if your site's data matters (as opposed to a throwaway site you could rebuild in two days), follow the security steps in this article strictly.
1. Directory permissions
We do not recommend placing column (channel) directories directly in the web root, because it makes the security settings much harder to apply. After installation, set the directories as follows:
(1) data, templets, uploads and a (html in 5.3): readable and writable, but not script-executable;
(2) If you do not need the special-topic feature, delete the special directory. If you do need it, delete special/index.php after the HTML has been generated, then set the directory to read-write, non-executable;
(3) include, member, plus and the admin directory: script execution allowed, readable but not writable (if additional modules are installed, the book, ask, company and group directories are set the same way).
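As an added example (not from the original article or the DedeCMS project), the following POSIX shell script applies the same scheme on a Linux host and checks that it still holds, which is the part section 3 below leaves to "users who know Linux". The web-server group name www-data, the site path and the admin directory name dede are assumptions, not values from the article.

```shell
#!/bin/sh
# Added example, not DedeCMS project code: the Linux counterpart of the
# permission scheme above, plus a check to re-run after every deployment.
# Assumptions (hypothetical, adjust to your host): PHP runs as user/group
# www-data, the admin directory still has its default name "dede", and "a"
# is the generated-HTML directory (5.3 used "html").
# Note: on Linux the file execute bit does not stop Apache/mod_php from running
# a .php file, so "not executable" for the writable directories must also be
# enforced in the web server configuration (see the Apache attachment below).

DEDE_WRITABLE_DIRS="data templets uploads a html special"
DEDE_CODE_DIRS="include member plus dede"

# dede_apply_perms ROOT [WEBGROUP]
# code directories:     755 dirs / 644 files, owned by the deploy account,
#                       readable by the web server but not writable by it
# writable directories: 775 dirs / 664 files, group-writable, no execute bit
# Group ownership is only changed when running as root (chown needs it).
dede_apply_perms() {
    root=$1
    webgroup=${2:-www-data}
    for d in $DEDE_CODE_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type d -exec chmod 755 {} +
        find "$root/$d" -type f -exec chmod 644 {} +
    done
    for d in $DEDE_WRITABLE_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type d -exec chmod 775 {} +
        find "$root/$d" -type f -exec chmod 664 {} +
        if [ "$(id -u)" = 0 ]; then
            chown -R ":$webgroup" "$root/$d" 2>/dev/null ||
                echo "warning: could not set group $webgroup on $root/$d"
        fi
    done
    return 0
}

# dede_check_perms ROOT
# Returns 0 when the scheme holds; otherwise prints each violation and returns 1.
dede_check_perms() {
    root=$1
    bad=0
    if [ -d "$root/install" ]; then
        echo "VIOLATION: $root/install still exists (delete it after setup)"
        bad=1
    fi
    for d in $DEDE_WRITABLE_DIRS; do
        [ -d "$root/$d" ] || continue
        # an execute bit on anything under an upload/data directory is a red flag
        n=$(find "$root/$d" -type f \( -perm -u+x -o -perm -g+x -o -perm -o+x \) | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            echo "VIOLATION: $n executable file(s) under $root/$d"
            bad=1
        fi
    done
    for d in $DEDE_CODE_DIRS; do
        [ -d "$root/$d" ] || continue
        # code must not be writable by the web server's group or by everyone
        n=$(find "$root/$d" \( -perm -g+w -o -perm -o+w \) | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            echo "VIOLATION: $n group- or world-writable entries under $root/$d"
            bad=1
        fi
    done
    return $bad
}

# Usage (hypothetical path): sh dede_perms.sh /var/www/dedecms www-data
if [ -n "$1" ]; then
    dede_apply_perms "$1" "$2"
    dede_check_perms "$1"
fi
```

Run the check from cron or after each template or plugin update: a fresh execute bit under uploads or a writable file under include is exactly what a planted webshell or a tampered common.inc.php looks like on disk.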
2. Other issues that need attention
(1) Although the install directory has been locked down, for safety we still recommend deleting it;
(2) Do not run the site with the MySQL root account. Create a separate MySQL user for each site, with only these privileges:
SELECT, INSERT, UPDATE, DELETE
CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES
DedeCMS does not use stored procedures anywhere, so make sure FILE, EXECUTE and similar privileges for running stored routines or doing file operations are not granted. FILE in particular turns an SQL injection into a file write on the database host (SELECT ... INTO OUTFILE), which is how a webshell ends up in the web root.
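As an added example, not part of the original article, this POSIX shell script prints the CREATE USER and GRANT statements for such a per-site account and audits the lines that SHOW GRANTS prints against the privileges that must never appear. The database name dedecms_site1, the user dede_site1 and the sample grant lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not DedeCMS project code: generate the CREATE USER / GRANT
# statements for a per-site MySQL account that carries only the privileges
# listed above, and audit an existing SHOW GRANTS output against the
# privileges that must never be granted. Names are hypothetical; feed the
# printed SQL to the mysql client as an administrative user.

DEDE_ALLOWED_PRIVS="SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES"
# FILE lets injected SQL read and write files on the DB host (SELECT ... INTO
# OUTFILE into the web root becomes a webshell); EXECUTE runs stored routines,
# which DedeCMS never needs; the rest are server-wide administrative rights.
DEDE_DENIED_PRIVS='ALL|FILE|EXECUTE|SUPER|PROCESS|SHUTDOWN|RELOAD|GRANT OPTION'

# dede_grant_sql DB USER HOST PASSWORD  -> prints the SQL to stdout
# DB/USER/HOST come from the administrator, not from user input; only the
# password is escaped for the string literal.
dede_grant_sql() {
    db=$1; user=$2; host=$3
    pw=$(printf '%s' "$4" | sed "s/'/''/g")
    cat <<EOF
CREATE USER '$user'@'$host' IDENTIFIED BY '$pw';
GRANT $DEDE_ALLOWED_PRIVS ON \`$db\`.* TO '$user'@'$host';
FLUSH PRIVILEGES;
EOF
}

# dede_grant_is_safe "GRANT ... line"  -> 0 if the grant is scoped to a single
# database and contains none of the denied privileges, 1 otherwise.
dede_grant_is_safe() {
    grant=$1
    case "$grant" in
        'GRANT USAGE ON *.*'*) return 0 ;;   # SHOW GRANTS always prints this; it grants nothing
        *'ON *.*'*)            return 1 ;;   # global scope: reaches every database on the server
    esac
    if printf '%s\n' "$grant" | grep -qwE "$DEDE_DENIED_PRIVS"; then
        return 1
    fi
    return 0
}

# dede_audit_grants  (reads SHOW GRANTS lines on stdin) -> 0 if all are safe
# Usage: mysql -uroot -p -N -e "SHOW GRANTS FOR 'dede_site1'@'localhost'" | dede_audit_grants
dede_audit_grants() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if dede_grant_is_safe "$line"; then
            echo "ok:     $line"
        else
            echo "UNSAFE: $line"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not real server output): a site account that was given
# a server-wide FILE privilege on top of its database grant.
DEDE_SAMPLE_GRANTS="GRANT USAGE ON *.* TO 'dede_site1'@'localhost'
GRANT FILE ON *.* TO 'dede_site1'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON \`dedecms_site1\`.* TO 'dede_site1'@'localhost'"

dede_grant_sql dedecms_site1 dede_site1 localhost 'change-me'
printf '%s\n' "$DEDE_SAMPLE_GRANTS" | dede_audit_grants ||
    echo "audit: this account has privileges DedeCMS does not need; revoke them"
```

The audit treats any grant ON *.* other than the USAGE placeholder as unsafe, because FILE, SUPER and friends only exist at global scope: an account that is correctly restricted to its own database never needs a global line at all.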
3. How to set directory permissions
Linux users will mostly know how to do this already. IIS users, see the screenshots below:
(1) Set the directory to read-only
Figure-1: Copy permission
Figure-2: Set to read-only
(2) Disallow script execution
Figure-3: Set not to allow script execution
In addition, do not register .php or .inc as static MIME types in IIS or Apache; leaving them unregistered is what makes the server refuse to hand these files out as downloads, which would expose their source code.
These settings alone are not enough; hardening the server itself matters more. If your site keeps getting malicious code planted on it (挂马), you can come to us for help; the server-related software can be downloaded from s.jb51.net.
Attachment:
1. Apache site security settings
On Windows 2003 you can do the following for Apache:
1.1. In Computer Management > Local Users and Groups, create an account, for example DedeApache with the password DedeApachePWD, and add it to the Guests group (if that causes problems, use the Users group instead);
1.2. Open Start > Administrative Tools > Local Security Policy, under User Rights Assignment select "Log on as a service" and add the DedeApache user;
1.3. In Computer Management > Services, find Apache2.2, stop it, right-click > Properties > Log On, switch from Local System account to This account, browse for DedeApache, enter the password DedeApachePWD and click OK (at this point Apache cannot start yet; it usually reports "The Apache2.2 service terminated with service-specific error 1 (0x1)");
1.4. Grant the DedeApache account read and write permission on the Apache installation directory (for example D:/apache2.2) and the web directory (for example D:/wwwroot); on the root of every drive remove all permissions except Administrators and SYSTEM, and on the root of the drive holding the Apache installation grant the DedeApache account read (list folder contents) permission so the service can traverse into its directories.
Add the following to the site configuration:
The code is as follows:
<Directory "D:\dedecms\www\uploads">
    <FilesMatch ".php">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
<Directory "D:\dedecms\www\data">
    <FilesMatch ".php">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
<Directory "D:\dedecms\www\templets">
    <FilesMatch ".php">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
<Directory "D:\dedecms\www\a">
    <FilesMatch ".php">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
This has the same effect as removing script-execution permission from those directories: any request for a file whose name contains .php under uploads, data, templets or a is refused outright. Because the pattern is not anchored to the end of the name, it also catches double extensions such as shell.php.jpg, which some Apache handler setups would otherwise run as PHP.
2. Changing the data directory path
In addition, in DedeCMS V5.7 the data directory can be moved to a parent directory that is not reachable over the web. The basic steps are:
2.1. Move (cut and paste) the data directory to the parent directory;
2.2. Edit the DEDEDATA define in include/common.inc.php
The code is as follows:
define('DEDEDATA', DEDEROOT.'/data');
can be changed to something like:
The code is as follows:
define('DEDEDATA', DEDEROOT.'/../../data');
2.3. Set the template cache path in the backend system settings to match the new location.
The above is the detailed content of How to set up security in DedeCMS. For more information, please follow other related articles on the PHP Chinese website!