


The current Internet environment is becoming more and more severe. Security has always been an issue that cannot be ignored by program developers and webmasters. How to choose an easy-to-use and safe program and how to build a secure server environment? It has always been something that most webmasters are eager to know. This article combines the server and DedeCms to configure a safe environment.
1. Directory permissions
We do not recommend users to set the column directory in the root directory because it will be very troublesome to set up security in this way. By default, after the installation is completed, the directory setting is as follows:
(1) Data, templets, uploads, a or 5.3 html directory, set read-write, non-executable permissions;
(2) If you don’t need a special topic, it is recommended to delete the special directory. If you need it, you can delete special/index.php after generating HTML and set the directory to read, write, and non-executable permissions;
(3) The include, member, plus, and background management directories are set to executable scripts, which are readable but not writable (if additional modules are installed, the book, ask, company, and group directories are also set in the same way).
2. Other issues that need attention
(1) Although the install directory has been strictly processed, for safety reasons, we still recommend deleting it;
(2) Do not directly use MySQL root user permissions on websites. Set up an independent MySQL user account for each website. The permissions are:
SELECT, INSERT, UPDATE, DELETE
CREATE , DROP , INDEX , ALTER , CREATE TEMPORARY TABLES
Since dede does not use stored procedures anywhere, be sure to disable FILE, EXECUTE, etc. permissions to perform stored procedures or file operations.
3. How to set the permissions of the directory?
For users who know how to use Linux, I believe most of them already know these things. For IIS users, please see the picture below:
3.1 Set the directory to read-only permission
First copy the permissions
Set directory as read-only permission
3.2 Setting the directory does not allow script execution
Another thing to note is that neither IIS nor Apache should add .php and .inc files to mime, otherwise the system will prohibit downloading of these files.
4. Apache site security settings
If you are running Windows 2003, you can perform the following operations on Apache:
4.1 Create an account in the local users and groups in computer management, for example: DedeApache, set the password to DedeApachePWD, and join the guests group (if problems occur, you can grant user permissions);
4.2 Open Start->Administrative Tools->Local Security Policy, select "Log on as a service" in "User Rights Assignment", and add the DedeApache user;
4.3 Select services in computer management, find apache2.2, stop the service first, right-click -> Properties, select login, switch the radio button from the local system account to this account, then search and select DedeApache, enter the password DedeApachePWD , and then click OK (Apache cannot start normally at this time, and generally an error will be reported: Apache2.2 service stopped due to 1 (0x1) service error.);
4.4 Grant the apache installation directory (for example: D:/apache2.2) and the web directory (for example: D:/wwwroot) the read and write permissions of the DedeApache account, and remove all permissions except administrator and system from the root directory of each disk. Grant readable column directory permissions to the apache account in the root directory of the disk where the DedeApache installation directory is located
We can add the following content in the site configuration:
<Directory "D:\dedecms\www\uploads"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\data"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\templets"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\a"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory>
This corresponds to canceling the script execution permission of the corresponding directory.
5. Change the data directory path
In addition, in DedeCMS V5.7, users can also set the data directory to the upper level non-web access directory. The basic operation is as follows:
5.1 Move the data directory to the upper level directory, just cut it here;
5.2 Configure the DEDEDATA file in include/common.inc.php
define('DEDEDATA', DEDEROOT.'/data');
can be changed to something like:
define('DEDEDATA', DEDEROOT.'/../../data');
5.3 Set template cache path in the background
Articles you may be interested in
- How to optimize servers, staticize, database optimization, and load balancing for high-traffic websites to achieve high load
- dedeCMS Dream Weaver Message Board How to call the website head
- How to enhance the security of Linux and Unix server systems
- The role of Xdebug and its installation and configuration details
- Eight design details of B2C websites
- Mysql server master-slave database synchronization configuration
- How to check how many websites are hung on the same server
- Solution to the DedeTag Engine Create File False error in dedeCMS

dedecms增加多语言的方法:1、进入dedecms后台,创建封面栏目;2、将封面栏目“常规选项”的文件保存目录设置为cn或者en;3、将封面栏目“高级选项”的列表模板设置为“cn_index.htm”或者“en_index.htm”;4、单独调用每种语言的封面栏目和每种语言下的导航栏目即可。

织梦cms是用PHP语言写的。织梦CMS(DedeCMS)是一个PHP开源网站管理系统,作用是构建中小型网站;它采用PHP+MySQL技术开发,可同时使用于windows、linux、unix平台。

dedecms是PHP语言开发的;dedecms中文全称是织梦内容管理系统,是一个PHP开源网站管理系统;dedecms基于PHP和MySQL技术开发,可同时使用于Windows、Linux、Unix平台。

dedecms有移动端,其移动端安装方法是:1、将DATA移到根目录外的安全设置,修改“/m/index.php”代码;2、在“更新主页HTML”中,将“选择主页模板”改为“default/index_m.htm”;3、将首页“图文资讯”的url修改为移动端链接;4、设置移动站可通过二级域名访问即可。

dedecms删除栏目的方法:1、登录后台管理;2、进入“栏目管理”,可以看到当前网站所有栏目;3、选择要删除的栏目;4、将鼠标悬停在栏目名称上,删除栏目;5、点击“确认”按钮以继续删除操作;6、删除成功。

dedecms缩略图报错的解决办法:1、将windows目录设置为user读权限;2、将“windows/Temp”设置为user读写权限;3、找到php.ini中的“upload_tmp_dir”目录,然后去掉前面的分号;4、设置地址,赋予user读写权限即可。

12 月 3 日下午,DedeCMS 创始人林学(IT 柏拉图)因罹患癌症逝世。林学生于 1979 年 10 月 10 日,于 2004 年 8 月编写的 DedeCMS 至今仍有数十万企业、个人站长使用。

织梦内容管理系统(DedeCMS) 以简单、实用、开源而闻名,是国内最知名的PHP开源网站管理系统,也是使用用户最多的PHP类CMS系统,在经历多年的发展,目前的版本无论在功能,还是在易用性方面,都有了长足的发展和进步。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

WebStorm Mac version
Useful JavaScript development tools

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.

MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

SublimeText3 Chinese version
Chinese version, very easy to use

Dreamweaver Mac version
Visual web development tools