How to set up DedeCms security settings

How to set up DedeCms security settings?

1. Directory permissions

We do not recommend that users set the column directory in the root directory. The reason is that it will be very troublesome to set up security in this way. By default In the case of , after the installation is completed, the directory settings are as follows:

(1) data, templets, uploads, a or 5.3 html directory, set read-write, non-executable permissions;

(2) If you do not need a special topic, it is recommended to delete the special directory. If you need to, delete special/index.php after generating HTML and set the directory to read, write, and non-executable permissions;

(3) The include, member, plus, and background management directories are set to executable scripts, which are readable but not writable (if additional modules are installed, the book, ask, company, and group directories are also set in the same way).

Recommended study: 梦Weavercms

2. Other issues that need attention

(1) Although the install directory has been It has been strictly processed, but for security reasons, we still recommend deleting it;

(2) Do not directly use the MySQL root user permissions on the website. Set up an independent MySQL user account and permissions for each website. For:

SELECT, INSERT , UPDATE , DELETE 
CREATE , DROP , INDEX , ALTER , CREATE TEMPORARY TABLES

Since DEDE does not use stored procedures anywhere, be sure to disable FILE, EXECUTE, etc. permissions to perform stored procedures or file operations.

In addition, you need to pay attention to the fact that neither IIS nor Apache should add .php and .inc files to mime, otherwise the system will prohibit downloading of these files.

Password replacement: f297a57a5a743894a0e4 admin

The above is the detailed content of How to set up DedeCms security settings. For more information, please follow other related articles on the PHP Chinese website!