Open source Invoicing psi-Deployment security

Source: Internet
Author: User

TODO security issues are extensive and complex, I do not understand all of them, so this document will be constantly updated, but also hope that we have a lot of mistakes!

The reason for this document is that the PSI has not been developed yet, but there are already users in the actual production environment, and asked me how to enhance security, so I began to write this document.

1, the security of the database

1.1 Principle 1: In a production environment, do not use root, but create new users to access the data.

1.2 Most of the time, principle 1 is not well executed, then the following is said, how to change the root password, the most basic security measures.

The following operations, which are based on the release of the PSI installation package, are the XAMPP environment.

1.2.1 Start Apache and MySQL

1.2.2 Browser Access http://localhost/phpmyadmin The following interface appears

Select "User" and the following interface appears:

Select root localhost, click Edit Permissions, and the following interface appears:

Click the "Change Password" button, the following interface appears:

Enter the password, and then click the Execute button.

1.2.3 to this point, PSI and phpmyadmin are not good, here is how to modify the PSI and phpMyAdmin configuration.

1.2.4 Modify the password in the D:\PSI\htdocs\web\Application\Common\Conf\config.php

1.2.5 If there is a D:\PSI\htdocs\web\Application\Runtime folder, remove the Runtime folder altogether. This is the thinkphp generated cache folder, the previous database configuration will be cached here, remember this step ! If you do not have this folder, you can ignore this step.

1.2.6 after the above steps, the PSI will be able to run in the case of a new root password, but the phpMyAdmin is not good to use, the following is how to configure the phpMyAdmin.

1.2.7 Open D:\PSI\phpMyAdmin\config.ini.php

Take this line.

$cfg [' Servers '] [$i] [' auth_type '] = ' config ';

Switch

$cfg [' Servers '] [$i] [' auth_type '] = ' cookie ';

1.2.8 re-access to the http://localhost/phpmyadmin/interface becomes

1.2.9 in the above process, if you encounter problems, you can consider "restart Dafa": Restart Apache, MySQL. Add a little detail and don't change the file.

2. Apache Security

2.1 Honestly, I do not know how to enhance the security of Apache, please the students to give advice.

3, operating system security

In this respect, if it is Linux I am small white, do not understand anything. If it is windows, I am also small white, used to be managed by the network.










Open source Invoicing psi-Deployment security

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.