How to set up security settings for the DedeCMS server website directory?
Because of the ease of use of dedecms, many webmaster friends are using dedecms. However, for the sake of security, we need to perform security settings on our server. If there is no server, it can also be set up through the virtual host online management program.
Recommended study: 梦Weavercms
Today’s Internet environment is becoming more and more severe, and security has always been a priority for program developers and webmasters A problem that cannot be ignored, how to choose an easy-to-use, safe program and how to build a safe server environment has always been what the majority of webmasters are eager to know. This article combines the server and DedeCms to configure a safe environment.
1. Directory permissions
We do not recommend that users set the column directory in the root directory because it will be very troublesome to set up security in this way. By default, after the installation is completed, the directory The settings are as follows:
(1) Data, templets, uploads, a or 5.3 html directory, set readable, writeable, non-executable permissions;
(2) If no special topic is required, it is recommended To delete the special directory, you need to delete special/index.php after generating HTML and then set the directory to read, write, and non-executable permissions;
(3) include, member, plus, and background management directories Set as an executable script, readable but not writable (if additional modules are installed, the book, ask, company, and group directories are also set in this way).
2. Other issues that need attention
(1) Although the install directory has been strictly processed, for the sake of safety, we still recommend deleting it;
( 2) Do not directly use the MySQL root user's permissions on the website. Set up an independent MySQL user account for each website. The permissions are:
SELECT, INSERT, UPDATE, DELETE
CREATE, DROP , INDEX, ALTER, CREATE TEMPORARY TABLES
Since dede does not use stored procedures anywhere, be sure to disable FILE, EXECUTE, etc. permissions to perform stored procedures or file operations.
3. How to set the permissions of the directory?
For users who know how to use Linux, I believe most of them already know these things. For IIS users, please see the picture below:
3.1 Set the directory to read-only permissions
First Copy the permissions
Set the directory to read-only permission
3.2 Set the directory to not allow script execution
In addition, it should be noted that neither IIS nor Apache should add .php and .inc files to mime, otherwise the system will prohibit downloading of these files.
4. Apache site security settings
If you are under Windows 2003, you can perform the following operations on Apache:
4.1 Create an account in the local users and groups in computer management , for example: DedeApache, set the password to DedeApachePWD, join the guests group (if a problem occurs, you can grant user permissions);
4. 2 Open Start->Administrative Tools->Local Security Policy, in "User Select "Log in as a service" in "Permission Assignment" and add the DedeApache user; Select the box to switch from the local system account to this account, then search and select DedeApache, enter the password DedeApachePWD, and then click OK (at this time, apache cannot start normally, and generally an error will be reported: Apache2.2 service reason 1 (0x1) service error And stop.);
4.4. Grant the apache installation directory (for example: D:/apache2.2) and the web directory (for example: D:/wwwroot) DedeApache account access Read and write permissions, remove all permissions except administrator and system from the root directory of each disk, and grant readable column directory permissions to the apache account of the root directory of the disk where the DedeApache installation directory is located
We can add the following content in the site configuration:
The code is as follows:
<Directory "D:\dedecms\www\uploads"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\data"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\templets"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\a"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory>
This corresponds to canceling the script execution permission of the corresponding directory.
5. Change of data directory path
In addition, in DedeCMS V5.7, users can also set the data directory to the upper level non-web access directory. The basic operation is as follows:
5.1. Move the data directory to the upper level directory, just cut it here;
5.2. Configure the DEDEDATA file in include/common.inc.php
define('DEDEDATA', DEDEROOT.'/data');
Okay Change it to a class such as:
define('DEDEDATA', DEDEROOT.'/../../data');
5. 3. Set the template cache path in the background
The above is the detailed content of How to set up security settings for DedeCMS server website directory. For more information, please follow other related articles on the PHP Chinese website!

dedecms增加多语言的方法:1、进入dedecms后台,创建封面栏目;2、将封面栏目“常规选项”的文件保存目录设置为cn或者en;3、将封面栏目“高级选项”的列表模板设置为“cn_index.htm”或者“en_index.htm”;4、单独调用每种语言的封面栏目和每种语言下的导航栏目即可。

织梦cms是用PHP语言写的。织梦CMS(DedeCMS)是一个PHP开源网站管理系统,作用是构建中小型网站;它采用PHP+MySQL技术开发,可同时使用于windows、linux、unix平台。

dedecms是PHP语言开发的;dedecms中文全称是织梦内容管理系统,是一个PHP开源网站管理系统;dedecms基于PHP和MySQL技术开发,可同时使用于Windows、Linux、Unix平台。

dedecms删除栏目的方法:1、登录后台管理;2、进入“栏目管理”,可以看到当前网站所有栏目;3、选择要删除的栏目;4、将鼠标悬停在栏目名称上,删除栏目;5、点击“确认”按钮以继续删除操作;6、删除成功。

织梦内容管理系统(DedeCMS) 以简单、实用、开源而闻名,是国内最知名的PHP开源网站管理系统,也是使用用户最多的PHP类CMS系统,在经历多年的发展,目前的版本无论在功能,还是在易用性方面,都有了长足的发展和进步。

dedecms有移动端,其移动端安装方法是:1、将DATA移到根目录外的安全设置,修改“/m/index.php”代码;2、在“更新主页HTML”中,将“选择主页模板”改为“default/index_m.htm”;3、将首页“图文资讯”的url修改为移动端链接;4、设置移动站可通过二级域名访问即可。

火车头dedecms出现乱码解决方法:1、检查数据库编码;2、修改dedecms配置文件;3、检查浏览器编码设置;4、清理缓存和临时文件;5、寻求专业帮助。

12 月 3 日下午,DedeCMS 创始人林学(IT 柏拉图)因罹患癌症逝世。林学生于 1979 年 10 月 10 日,于 2004 年 8 月编写的 DedeCMS 至今仍有数十万企业、个人站长使用。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.

Dreamweaver Mac version
Visual web development tools

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

Atom editor mac version download
The most popular open source editor

SublimeText3 Linux new version
SublimeText3 Linux latest version
