11
talunceford
Re: News / CBB integration?

Maybe we need to put that on an official wish list for the news module. I'd sure like to have that feature available. I might try and work on that some this week.
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



12
talunceford
News / CBB integration?

How hard would it be to tie the news to the CBB forums. Say for example, you wanted to have the news module make a forum post when you submitted a news article. Kinda like, "discuss it here" I've wondered about this for some time. I think it would be kinda cool to be able to do this, instead of holding a conversation via comments. Just a question.....
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



13
talunceford
Re: "Could not instantiate mail function" issue in my Intranet

Sounds to me like the smtp mail server isn't running. The Only reason that I say that is because if it was running and if you didn't have access to send mail to the outside world via smtp relay, you would be getting a pileup of mail in your mail server. Are you getting mail piled up in your mail server? One other thing, do you have a local mail server that relays mail to your internet providers mail server, and also, do you have access to relay messages via port 25. If you can email through your internet providers mail server, then I would make sure that your mail server sends the proper authentication when it relays messages. I had to alter some changes on my mail sever at my house to get it to work right. It is possible to do.
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



14
talunceford
Re: Question about securing folders...

Not sure if this will work, but I think its more of a deterrent than anything.
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



15
talunceford
Re: Question about securing folders...

I found something that might work.

I created a .htaccess file that disables public view of the folder, yet retains the same properties of the 777. It only allows access to the folder when the server needs it.

File security

If you want to prevent people from viewing or downloading any files in a particular directory you can just place a .htaccess file like this in that directory.

# prevent reading of all files
<Files *>
    
Deny From All
</Files>

For 
exampleI have a directory which holds include files containing various passwords and web-service keys that I don't want anybody to be able to see. Ideally this would be stored outside the directory tree that the web-server can serve-up, but on some configurations that is not possible. In this case the .htaccess file above prevents anyone from viewing the files whilst still allowing them to be included in PHP scripts.

You can be more selective about what you allow people to see. This .htaccess file will prevent people from seeing just the files with the .inc suffix. Anything else is accessible.

# prevent reading of .inc files
<Files *.inc>
    Deny From All
</Files>


I stuck the .htaccess files in the cache directory, and the templates_c directory. I think I will also try it on the uploads directory.
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



16
talunceford
Re: Question about securing folders...

Ok, well the site doesn't run correctly unless the httpd user/group has access to those directories. How can I get it so that my user account is writing those files instead of that httpd user? That is, if there is a way....
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



17
talunceford
Re: Question about securing folders...

Nice... thanks jdseymour...
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



18
talunceford
Re: Question about securing folders...

Lol, isn't that the truth.

I think what should be done is make it so that when the system writes a template file or something such as that, it uses the permissions of the user, or use something that captures the users permissions of the folder. That way a folder doesn't have to be wide open to the world to work, such as the templates_c, cache, or uploads directory are right now. Because they have to be left 777 in order for the site to work properly. Why is this?

We talk about securing our site, but we are forced to leave folders open to the public so that they can upload files and execute files on the server, without any resistance.

This needs to be addressed quickly.... How... well that is another story.
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



19
talunceford
Question about securing folders...

Hello all!

I have a quick question on what the correct permissions would be for the templates_c folder, the uploads folder, and the cache folder... and for that matter any folder that you don't want the public being able to write to directly. I got an email from my hosting provider about some files that were uploaded to the uploads directory of my site that were causing some phishing attempts. Yeah, got me scared. I removed the execute right from the folder except for the user.

I guess what my question is, is what is the BEST security measures to take when applying a security policy to your site.

Thanks all!
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org



20
talunceford
Re: Is Xoops the solution to my situation?

It sounds like XOOPS is right up your alley. You can transfer all of your static content to a module within XOOPS called WFSections. It allows you to create pages that resemble static content within your site. I use it on BF2Online.com, and it works very very well. Its very easy to manage. I have found that XOOPS is the easiest CMS to operate. I've been using it for quite some time now.

Hope this helps....
Tim
www.tswn.com | www.bf2online.com | aquaria.tswn.com | www.bf2142online.org




TopTop
« 1 (2) 3 4 5 ... 36 »



Login

Who's Online

209 user(s) are online (126 user(s) are browsing Support Forums)


Members: 0


Guests: 209


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits