How to set up security settings for DedeCMS server website directory

How to set up security settings for the DedeCMS server website directory?

Because of the ease of use of dedecms, many webmaster friends are using dedecms. However, for the sake of security, we need to perform security settings on our server. If there is no server, it can also be set up through the virtual host online management program.

Recommended study: 梦Weavercms

Today’s Internet environment is becoming more and more severe, and security has always been a priority for program developers and webmasters A problem that cannot be ignored, how to choose an easy-to-use, safe program and how to build a safe server environment has always been what the majority of webmasters are eager to know. This article combines the server and DedeCms to configure a safe environment.

1. Directory permissions

We do not recommend that users set the column directory in the root directory because it will be very troublesome to set up security in this way. By default, after the installation is completed, the directory The settings are as follows:

(1) Data, templets, uploads, a or 5.3 html directory, set readable, writeable, non-executable permissions;

(2) If no special topic is required, it is recommended To delete the special directory, you need to delete special/index.php after generating HTML and then set the directory to read, write, and non-executable permissions;

(3) include, member, plus, and background management directories Set as an executable script, readable but not writable (if additional modules are installed, the book, ask, company, and group directories are also set in this way).

2. Other issues that need attention

(1) Although the install directory has been strictly processed, for the sake of safety, we still recommend deleting it;

( 2) Do not directly use the MySQL root user's permissions on the website. Set up an independent MySQL user account for each website. The permissions are:

SELECT, INSERT, UPDATE, DELETE

CREATE, DROP , INDEX, ALTER, CREATE TEMPORARY TABLES

Since dede does not use stored procedures anywhere, be sure to disable FILE, EXECUTE, etc. permissions to perform stored procedures or file operations.

3. How to set the permissions of the directory?

For users who know how to use Linux, I believe most of them already know these things. For IIS users, please see the picture below:

3.1 Set the directory to read-only permissions

First Copy the permissions

Set the directory to read-only permission

3.2 Set the directory to not allow script execution

In addition, it should be noted that neither IIS nor Apache should add .php and .inc files to mime, otherwise the system will prohibit downloading of these files.

4. Apache site security settings

If you are under Windows 2003, you can perform the following operations on Apache:

4.1 Create an account in the local users and groups in computer management , for example: DedeApache, set the password to DedeApachePWD, join the guests group (if a problem occurs, you can grant user permissions);

4. 2 Open Start->Administrative Tools->Local Security Policy, in "User Select "Log in as a service" in "Permission Assignment" and add the DedeApache user; Select the box to switch from the local system account to this account, then search and select DedeApache, enter the password DedeApachePWD, and then click OK (at this time, apache cannot start normally, and generally an error will be reported: Apache2.2 service reason 1 (0x1) service error And stop.);

4.4. Grant the apache installation directory (for example: D:/apache2.2) and the web directory (for example: D:/wwwroot) DedeApache account access Read and write permissions, remove all permissions except administrator and system from the root directory of each disk, and grant readable column directory permissions to the apache account of the root directory of the disk where the DedeApache installation directory is located

We can add the following content in the site configuration:

The code is as follows:

<Directory "D:\dedecms\www\uploads"> 
<FilesMatch ".php"> 
Order Allow,Deny 
Deny from all 
</FilesMatch> 
</Directory> 
<Directory "D:\dedecms\www\data"> 
<FilesMatch ".php"> 
Order Allow,Deny 
Deny from all 
</FilesMatch> 
</Directory> 
<Directory "D:\dedecms\www\templets"> 
<FilesMatch ".php"> 
Order Allow,Deny 
Deny from all 
</FilesMatch> 
</Directory> 
<Directory "D:\dedecms\www\a"> 
<FilesMatch ".php"> 
Order Allow,Deny 
Deny from all 
</FilesMatch> 
</Directory>

This corresponds to canceling the script execution permission of the corresponding directory.

5. Change of data directory path

In addition, in DedeCMS V5.7, users can also set the data directory to the upper level non-web access directory. The basic operation is as follows:

5.1. Move the data directory to the upper level directory, just cut it here;

5.2. Configure the DEDEDATA file in include/common.inc.php

define('DEDEDATA', DEDEROOT.'/data');

Okay Change it to a class such as:

define('DEDEDATA', DEDEROOT.'/../../data');

5. 3. Set the template cache path in the background

The above is the detailed content of How to set up security settings for DedeCMS server website directory. For more information, please follow other related articles on the PHP Chinese website!