21
danielh2o
Re: [myAlbum-p and piCal] layout problems not caused by theme
  • 2004/12/15 13:37

  • danielh2o

  • Just popping in

  • Posts: 47

  • Since: 2004/10/19


anyone?



22
danielh2o
Re: mainfile.php secure?
  • 2004/12/15 13:31



Quality tips! Should be added to SmartFAQ too, learned a lot from all you guys, thx.


Quote:

tl wrote:
Personally, I don't like the idea of the username/password combo under the web tree. I would move them out.

You may want to check this TIP on moving the combo out of the web tree

http://xoops-tips.com/modules/news/article.php?storyid=1



23
danielh2o
Re: [myAlbum-p and piCal] layout problems not caused by theme
  • 2004/12/13 17:11



As a normal XOOPS/module user, I prefer using the module
"as is" instead of modifying it extensively. If it is a must,
I think most normal users will not pick it.

It seems to me that...

Quote:
JMorris wrote:
The problem appears to be in the template set for the
modules. This is an issue I've run into countless times.
You'll need to clone your template set and edit the
modules' templates that are causing the problem.

...these two modules' templates are unexpectedly affecting all
other modules/blocks installed on the same XOOPS platform.

I believe these myAlbum-p and piCal modules should be used
by several users/sites around the XOOPS circle.
- Are all of you facing the same layout problem?
- If yes, any guidelines on which template files are to be fixed?





24
danielh2o
Re: mainfile.php secure?
  • 2004/12/13 17:09



Thanks for the reply, "m0nty"; there may be a little misunderstanding...
The issue originated from mainfile.php, and the 'hole' I refer to is 'the hardcoded username/password in mainfile.php'.

If somebody reads the username/password, then I am afraid they can make use of phpMyAdmin through a browser to access the DB! So, I want to ask if there are any security comments/alternatives about this hardcoding?


Quote:

m0nty wrote:
Quote:

danielh2o wrote:

In my case, I need to use phpMyAdmin from a browser to access the DB, so I am afraid someone (who can read sensitive info from mainfile.php) can get this hole.


what hole?

i access phpmyadmin via my browser along with everyone else who uses phpmyadmin, i can't understand your issue of being afraid of mainfile being read by using phpmyadmin??

phpmyadmin needs to be in a secure section of your site anyway if your control panel doesn't have phpmyadmin installed, and the username and password are also in the phpmyadmin config files.. which is why the phpmyadmin folder should be protected. most servers are set up so that only scripts originating from your own server can access the MySQL database.. any outside connections will be refused.. which means even if somebody does read your mainfile.php file there ain't much they can do with it anyway as all attempts to connect to the database will be refused if they aren't from scripts on your server..



25
danielh2o
Re: mainfile.php secure?
  • 2004/12/13 16:23



Yes, I followed the README once it was installed.
I misunderstood, thinking that your

Quote:
You'll need to do some mild hacking to install it, but it will protect the contents of the mainfile.php.

was asking me to do some other (hack) before...

Moreover, I still don't understand HOW it can protect mainfile.php. Is it the precheck lines that protect it, and how? Do you know their logic?



26
danielh2o
Re: [myAlbum-p and piCal] layout problems not caused by theme
  • 2004/12/13 15:59



anyone help?



27
danielh2o
Re: mainfile.php secure?
  • 2004/12/13 15:42



Quote:

DonXoop wrote:
The mainfile.php can't be read by a browser call (try it). It doesn't output anything. If someone gets access to the server or puts in a script that can read arbitrary files you have problems.

If they do get the info then they still need access to the db server which should never be allowed from the internet anyway. It would likely be someone with access to your server which means you already have a bigger problem.

Besides all the other security ideas you can also prevent attempts at reading the file with a line in your server config or .htaccess file:
Quote:

<Files ~ "mainfile.php">
Order allow,deny
Deny from all
</Files>



In my case, I need to use phpMyAdmin from a browser to access the DB, so I am afraid someone (who can read sensitive info from mainfile.php) can get this hole.

Do you mean putting a .htaccess file at the root (with the following lines) can protect the file "mainfile.php"?
<Files ~ "mainfile.php">
Order allow,deny
Deny from all
</Files>

What is the meaning of:
1)Order allow,deny
2)Deny from all
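
The two directives asked about above can be modelled in a few lines. This is an added example, not part of the original thread and not Apache or XOOPS code: a Python sketch of how Apache 2.2-style `Order`/`Allow`/`Deny` rules combine and of which file names `<Files ~ "mainfile.php">` covers. The function names, sample paths and addresses are constructed for illustration, and only `all`, IP and CIDR values are modelled.

```python
import ipaddress
import os
import re

# The block quoted in the thread (Apache 2.2-style access control).
FILES_REGEX = "mainfile.php"   # <Files ~ "mainfile.php">
ORDER = "allow,deny"           # Order allow,deny
ALLOW_FROM = []                # the block has no Allow lines
DENY_FROM = ["all"]            # Deny from all


def _covers(spec, client_ip):
    """True if a 'from' value ('all', an IP or a CIDR block) covers client_ip."""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)


def access_allowed(order, allow_from, deny_from, client_ip):
    """Decide a request the way the Order directive combines Allow and Deny."""
    allowed = any(_covers(s, client_ip) for s in allow_from)
    denied = any(_covers(s, client_ip) for s in deny_from)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow rules are checked first, then Deny rules. A client must match
        # an Allow and no Deny; a client matching nothing is refused.
        return allowed and not denied
    if order == "deny,allow":
        # Deny rules first, then Allow. A matching Allow overrides a Deny;
        # a client matching nothing is let in.
        return allowed or not denied
    raise ValueError("unknown Order value: " + order)


def files_section_applies(regex, path):
    """<Files ~ regex> is tested against the file name only, unanchored."""
    return re.search(regex, os.path.basename(path)) is not None


def request_permitted(path, client_ip):
    """Apply the thread's block to one request; other files are unrestricted here."""
    if not files_section_applies(FILES_REGEX, path):
        return True
    return access_allowed(ORDER, ALLOW_FROM, DENY_FROM, client_ip)


if __name__ == "__main__":
    # Constructed sample paths and a documentation-range client address.
    for p in ("/var/www/html/mainfile.php", "/var/www/html/mainfile.php.bak",
              "/var/www/html/index.php"):
        print(p, request_permitted(p, "203.0.113.7"))
```

The block only governs HTTP requests for the file; PHP scripts on the same server still read mainfile.php from disk, so the site keeps working while direct browser requests are refused.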



28
danielh2o
Re: mainfile.php secure?
  • 2004/12/13 15:32



Quote:

JMorris wrote:
RE: mainfile.php

If you're paranoid about security, you may want to take a look at the Xoops Protector module. You'll need to do some mild hacking to install it, but it will protect the contents of the mainfile.php.



Installed this Protector module, but I cannot understand what it does. And what do I need to 'hack' to protect the content of mainfile.php?

Moreover, I don't know why I cannot register at peak.ne.jp, so I cannot ask them. I found other problems related to peak's module too!
https://xoops.org/modules/newbb/viewtopic.php?topic_id=28384&forum=28



29
danielh2o
Re: Search spiders
  • 2004/12/13 11:15



For general security's sake, can anyone recommend a list of files/directories to DISALLOW or ALLOW in robots.txt?
(e.g. DISALLOW mainfile.php!?)

I doubt whether mainfile.php is secure.
chmod to 444 seems to be filesystem access rights only.

https://xoops.org/modules/newbb/viewtopic.php?topic_id=28453&forum=7&post_id=124075

Comments/discussions are welcome so that everyone can learn more about this mainfile.php...



30
danielh2o
Re: mainfile.php secure?
  • 2004/12/13 8:29



Good doc!

And how about robots/spiders on the net? What XOOPS files/directories should I DISALLOW (especially mainfile.php)?


Quote:

jdseymour wrote:
You want to make the file unreadable to prying eyes- chmod 444.

Also see this faq:

https://xoops.org/modules/smartfaq/faq.php?faqid=286



