TODO: Security issues are extensive and complex, and I do not understand all of them, so this document will be constantly updated. I also hope readers will point out the mistakes!
The reason for this document is that PSI is not yet fully developed, but there are already users running it in actual production environments who have asked me how to enhance security, so I began to write this document.
1. Database security
1.1 Principle 1: In a production environment, do not use root; create new users to access the data.
1.2 Most of the time, principle 1 is not followed well, so the following describes how to change the root password, the most basic security measure.
The following operations are based on the XAMPP environment shipped in the released PSI installation package.
1.2.1 Start Apache and MySQL
1.2.2 In the browser, open http://localhost/phpmyadmin. The following interface appears:
Select "User" and the following interface appears:
Select root localhost, click Edit Permissions, and the following interface appears:
Click the "Change Password" button, the following interface appears:
Enter the password, and then click the Execute button.
1.2.3 At this point, PSI and phpMyAdmin no longer work. The following describes how to modify the PSI and phpMyAdmin configuration.
1.2.4 Modify the password in D:\PSI\htdocs\web\Application\Common\Conf\config.php
1.2.5 If there is a D:\PSI\htdocs\web\Application\Runtime folder, remove the Runtime folder altogether. This is the cache folder generated by ThinkPHP; the previous database configuration is cached here, so remember this step! If you do not have this folder, you can ignore this step.
1.2.6 After the above steps, PSI can run with the new root password, but phpMyAdmin still does not work. The following describes how to configure phpMyAdmin.
1.2.7 Open D:\PSI\phpMyAdmin\config.inc.php
Take this line:
$cfg['Servers'][$i]['auth_type'] = 'config';
and change it to:
$cfg['Servers'][$i]['auth_type'] = 'cookie';
1.2.8 Access http://localhost/phpmyadmin/ again; the interface becomes:
1.2.9 If you encounter problems during the above process, you can consider the "great restart method": restart Apache and MySQL. One further detail: do not change the file.
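The following is an added example, not part of PSI or of the original document: a small Python check that reads the two configuration files touched in steps 1.2.4 to 1.2.7 and reports the settings this section warns about. It assumes the PSI config.php uses ThinkPHP-style DB_USER and DB_PWD entries; the finding names and the sample inputs are constructed for illustration, and the caller is expected to determine (for example by comparing modification times) whether the Runtime folder is older than config.php.

```python
import re

# PHP assignment: $cfg['Servers'][$i]['auth_type'] = 'config';
# Anchored at line start so lines commented out with // or # are ignored.
PMA_RE = re.compile(
    r"^\s*\$cfg\s*\[\s*'Servers'\s*\]\s*\[\s*\$i\s*\]\s*\[\s*'(\w+)'\s*\]"
    r"\s*=\s*'([^']*)'\s*;", re.M)
# ThinkPHP-style array entry (assumed key names): 'DB_USER' => 'root',
PSI_RE = re.compile(r"^\s*'(DB_\w+)'\s*=>\s*'([^']*)'", re.M)


def audit(pma_text, psi_text, runtime_older_than_config):
    """Return a list of finding ids for the settings covered in 1.1-1.2.7."""
    pma = dict(PMA_RE.findall(pma_text))
    psi = dict(PSI_RE.findall(psi_text))
    findings = []
    if pma.get("auth_type") == "config":
        # Stored credentials log in every visitor of /phpmyadmin automatically.
        findings.append("phpmyadmin-auth-config")
    if psi.get("DB_USER") == "root":
        findings.append("psi-uses-root")          # principle 1 (1.1)
    if psi.get("DB_PWD") == "":
        findings.append("psi-empty-db-password")  # 1.2: password never set
    if runtime_older_than_config:
        # Runtime cache predates config.php, so old DB settings may be cached.
        findings.append("stale-runtime-cache")    # 1.2.5
    return findings


# Constructed sample inputs (not taken from a real installation).
PMA_BEFORE = """
// $cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
"""
PMA_AFTER = "$cfg['Servers'][$i]['auth_type'] = 'cookie';\n"
PSI_BEFORE = "return array(\n    'DB_USER' => 'root',\n    'DB_PWD' => '',\n);\n"
PSI_AFTER = ("return array(\n    'DB_USER' => 'psi_app',\n"
             "    'DB_PWD' => 'example-only',\n);\n")

if __name__ == "__main__":
    print(audit(PMA_BEFORE, PSI_BEFORE, True))
    print(audit(PMA_AFTER, PSI_AFTER, False))
```

The check only recognises single-line assignments with single-quoted values; settings inside /* ... */ block comments would still be counted.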
2. Apache security
2.1 Honestly, I do not know how to enhance the security of Apache; I ask readers to give advice.
3. Operating system security
On this topic, if it is Linux, I am a novice and do not understand anything. If it is Windows, I am also a novice; it used to be managed by the network administrator.
Open source Invoicing psi-Deployment security