Dedecms server environment security settings and Dede Security Configuration Settings

Introduction: This is the dedecms server environment security settings. The Dede security configuration method is displayed on the details page. It introduces PHP, related knowledge, skills, experience, and some PHP source code.

Class = 'pingjiaf' frameborder = '0' src = 'HTTP: // biancheng.dnbc?info/pingjia.php? Id = 344028 'rolling = 'no'>

Dedecms server environment security settings, Dede Security Configuration Setting Method-published in: Dede technology-Dede tutorial

1. Directory Permissions
We do not recommend that you set the topic directory to the root directory because it is very troublesome to perform security settings. By default, after the installation is complete, the directory settings are as follows:
(1) data, templets, uploads, A, or 5.3 HTML directory, set the read and write permissions, not executable permissions;
(2) If you do not need a topic, we recommend that you delete the special directory. You can delete special/index. php After generating HTML, and set this directory to read/write and not executable;
(3) The include, Member, plus, and background management directories are set to executable scripts, readable, but not writable. (If an additional module is installed, this is also true for the book, ask, company, and group Directories ).

2Other issues that need attention
(1) Although the install directory has been strictly processed, we recommend that you delete it for security reasons;
(2) do not directly use the permissions of the MySQL root user on the website. Set an independent MySQL user account for each website. The permission is as follows:
Select, insert, update, delete
Create, drop, index, alter, create temporary tables
Because Dede does not use stored procedures anywhere, you must disable the permission to execute stored procedures or file operations, such as file and execute.

3. How do I set directory permissions?Dede tutorial-598080707.net
For users who will use Linux, I believe most of them have understood these things. For IIS users, see:
3.1Set the directory to read-only

First, copy the permission

Set the directory to read-only

 

3.2Script execution is not allowed when the directory is set.

 

In addition, you must note that the. php and. inc files should not be added to mime files no matter IIS or Apache, so that the system will prohibit downloading these files.
 

4 ApacheSite Security Settings
For Windows2003, you can perform the following operations on Apache:
4.1 create an account in the local user and group in the computer management, for example, dedeapache. Set the password to dedeapachepwd and add it to the guests group (if any problem occurs, grant the user permission );

4. 2. Choose Start> Administrative Tools> Local Security Policy. In "user permission assignment", select "Log on as a service" and add the dedeapache user;

4. 3. in computer management, select a service, find apache2.2, stop the service, right click-> properties, select login, switch the ticket from the local system account to this account, and find and select dedeapache, enter the password dedeapachepwd and click OK. (Apache cannot be started normally at this time. Generally, an error is returned: apache2.2 service stops due to a 1 (0x1) service error .);

 

 

4. 4. grant the Apache installation directory (such as D:/apache2.2) and web directory (such as D:/wwwroot) The read and write permissions of the dedeapache account, remove all permissions except administror and system in the root directory of each disk, and grant the permission to the readable column directory of the Apache account in the root directory of the disk where dedeapache is installed.

 

 

You can add the following content in site Configuration:

<Directory "D: \ dedecms \ www \ uploads"> <Filesmatch ". php"> Order allow, deny Deny from all </Filesmatch> </Directory> <Directory "D: \ dedecms \ www \ data"> <Filesmatch ". php"> Order allow, deny Deny from all </Filesmatch> </Directory> <Directory "D: \ dedecms \ www \ templets"> <Filesmatch ". php"> Order allow, deny Deny from all </Filesmatch> </Directory> <Directory "D: \ dedecms \ www \ A"> <Filesmatch ". php"> Order allow, deny Deny from all </Filesmatch> </Directory>

The script execution permission for the corresponding directory is revoked.

5. DataDirectory path change
In addition, in dedecms v5.7, you can also set the data directory to the upper-level non-Web Access Directory. The basic operations are as follows:
. Move the data directory to the upper-level directory. You can directly cut it here;
5. 2. Configure the dededata file in include/common. Inc. php.

Define ('destdata', dederoot. '/data ');

You can change it to a class such:

Define ('destdata', dederoot. '/http://www.cnblogs.com/data ');

5. 3. Set the template cache path Dede Technology in the background-598080707.net

Post information: Dede technology bar | classification: Dede tutorial | Address: http://598080707.net/1/61.html

Love J2EE follow Java Michael Jackson video station JSON online tools

Http://biancheng.dnbcw.info/php/344028.html pageno: 5.