| Re: xoops_lib & xoops_data |
| by Dante7237 on 2012/4/23 18:19:57 If a 5 dollar hosting account is a prohibitive factor, then they have far bigger troubles.. There are many other hosting solutions that offer the needed tools cheap. |
| Re: xoops_lib & xoops_data |
| by Peekay on 2012/4/23 14:34:18 Quote:
There is a reason. Many of the low-price, shared-hosting services used by charities and community groups don't allow it. GoDaddy for example. These organisations can't always afford to 'get a better hosting package'. |
| Re: xoops_lib & xoops_data |
| by Dante7237 on 2012/4/23 14:11:21 Move the folders out of root. Like Flipse said there's no reason not to. More troubling than the presentation of info re: the "Trust Path" is the lack of insistence that people adjust the php.ini files correctly. Doesn't matter where you locate the trust path if folks are able to traverse directories due to a php.ini oversight. There's also a great example of an .htaccess file here somewhere that should come stock with the cms package. Its always that 1 thing you overlook, or deem not required that will be the thing that gets exploited.. And yes, XOOPS is the most secure cms I've found. That doesn't mean anyone should get lazy about doing all the right things.. |
| Re: xoops_lib & xoops_data |
| by Anonymous on 2012/4/23 13:52:45 Quote: DCrussader wrote: A cms is save until a new flaw is detected... So why compromise security by not taking all safety measures you can use? Quote: Peekay wrote: I have whinged about the wording of these 'warnings' before. They make Xoops look insecure and will have caused many new users to abandon Xoops before they even try it. But what if not warning users would lead to many compromised xoops sites? I guess this would be more harmfull for xoops then a few users not using it by lack of knowledge. I agree with you both this warnings could use some extra explanation in the install script or on the main admin page. And be clear about what are the risks when ignoring them. |
| Re: xoops_lib & xoops_data |
| by Peekay on 2012/4/23 12:45:59 Quote:
+1 I have whinged about the wording of these 'warnings' before. They make Xoops look insecure and will have caused many new users to abandon Xoops before they even try it. There are many shared hosting providers who simply do not allow folders outside the site root. |