How to set up security settings for the DedeCMS server website directory?
Because of the ease of use of dedecms, many webmaster friends are using dedecms. However, for the sake of security, we need to perform security settings on our server. If there is no server, it can also be set up through the virtual host online management program.
Recommended study: 梦Weavercms
Today’s Internet environment is becoming more and more severe, and security has always been a priority for program developers and webmasters A problem that cannot be ignored, how to choose an easy-to-use, safe program and how to build a safe server environment has always been what the majority of webmasters are eager to know. This article combines the server and DedeCms to configure a safe environment.
1. Directory permissions
We do not recommend that users set the column directory in the root directory because it will be very troublesome to set up security in this way. By default, after the installation is completed, the directory The settings are as follows:
(1) Data, templets, uploads, a or 5.3 html directory, set readable, writeable, non-executable permissions;
(2) If no special topic is required, it is recommended To delete the special directory, you need to delete special/index.php after generating HTML and then set the directory to read, write, and non-executable permissions;
(3) include, member, plus, and background management directories Set as an executable script, readable but not writable (if additional modules are installed, the book, ask, company, and group directories are also set in this way).
2. Other issues that need attention
(1) Although the install directory has been strictly processed, for the sake of safety, we still recommend deleting it;
( 2) Do not directly use the MySQL root user's permissions on the website. Set up an independent MySQL user account for each website. The permissions are:
SELECT, INSERT, UPDATE, DELETE
CREATE, DROP , INDEX, ALTER, CREATE TEMPORARY TABLES
Since dede does not use stored procedures anywhere, be sure to disable FILE, EXECUTE, etc. permissions to perform stored procedures or file operations.
3. How to set the permissions of the directory?
For users who know how to use Linux, I believe most of them already know these things. For IIS users, please see the picture below:
3.1 Set the directory to read-only permissions
First Copy the permissions
Set the directory to read-only permission
3.2 Set the directory to not allow script execution
In addition, it should be noted that neither IIS nor Apache should add .php and .inc files to mime, otherwise the system will prohibit downloading of these files.
4. Apache site security settings
If you are under Windows 2003, you can perform the following operations on Apache:
4.1 Create an account in the local users and groups in computer management , for example: DedeApache, set the password to DedeApachePWD, join the guests group (if a problem occurs, you can grant user permissions);
4. 2 Open Start->Administrative Tools->Local Security Policy, in "User Select "Log in as a service" in "Permission Assignment" and add the DedeApache user; Select the box to switch from the local system account to this account, then search and select DedeApache, enter the password DedeApachePWD, and then click OK (at this time, apache cannot start normally, and generally an error will be reported: Apache2.2 service reason 1 (0x1) service error And stop.);
4.4. Grant the apache installation directory (for example: D:/apache2.2) and the web directory (for example: D:/wwwroot) DedeApache account access Read and write permissions, remove all permissions except administrator and system from the root directory of each disk, and grant readable column directory permissions to the apache account of the root directory of the disk where the DedeApache installation directory is located
We can add the following content in the site configuration:
The code is as follows:
<Directory "D:\dedecms\www\uploads"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\data"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\templets"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\a"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory>
This corresponds to canceling the script execution permission of the corresponding directory.
5. Change of data directory path
In addition, in DedeCMS V5.7, users can also set the data directory to the upper level non-web access directory. The basic operation is as follows:
5.1. Move the data directory to the upper level directory, just cut it here;
5.2. Configure the DEDEDATA file in include/common.inc.php
define('DEDEDATA', DEDEROOT.'/data');
Okay Change it to a class such as:
define('DEDEDATA', DEDEROOT.'/../../data');
5. 3. Set the template cache path in the background
The above is the detailed content of How to set up security settings for DedeCMS server website directory. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

SublimeText3 Linux new version
SublimeText3 Linux latest version

Notepad++7.3.1
Easy-to-use and free code editor

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
