How to set up the environment security of DedeCMS server?
DedeCMS server environment security settings
Recommended learning:伟梦cms
The current Internet environment is becoming more and more severe. Security has always been a problem that cannot be ignored by program developers and webmasters. How to choose an easy-to-use and safe program? Building a secure server environment has always been something that most webmasters are eager to know. This article combines the server and DedeCMS to configure a safe environment.
1. Directory permissions
We do not recommend that users set the column directory in the root directory because it will be very troublesome to set up security in this way. By default, after the installation is completed, the directory The settings are as follows:
(1) Data, templets, uploads, a or 5.3 html directory, set readable, writeable, non-executable permissions;
(2) If no special topic is required, it is recommended To delete the special directory, you need to delete special/index.php after generating HTML and then set the directory to read, write, and non-executable permissions;
(3) include, member, plus, and background management directories Set as an executable script, readable but not writable (if additional modules are installed, the book, ask, company, and group directories are also set in this way).
2. Other issues that need attention
(1) Although the install directory has been strictly processed, for the sake of safety, we still recommend deleting it;
( 2) Do not directly use the MySQL root user's permissions on the website. Set up an independent MySQL user account for each website. The permissions are:
SELECT, INSERT, UPDATE, DELETE
CREATE, DROP , INDEX, ALTER, CREATE TEMPORARY TABLES
Since DEDE does not use stored procedures anywhere, be sure to disable FILE, EXECUTE, etc. permissions to perform stored procedures or file operations.
3. How to set the permissions of the directory?
For users who know how to use Linux, I believe most of them already know these things. For IIS users, please see the picture below:
3.1 Set the directory to read-only permissions
First Copy the permissions
Set the directory to read-only permission
3.2 Set the directory to not allow script execution
In addition, it should be noted that neither IIS nor Apache should add .php and .inc files to mime, otherwise the system will prohibit downloading of these files.
4. Apache site security settings
If you are under Windows 2003, you can perform the following operations on Apache:
4.1 Create an account in the local users and groups in computer management , for example: DedeApache, set the password to DedeApachePWD, join the guests group (if a problem occurs, you can grant user permissions);
4. 2 Open Start->Administrative Tools->Local Security Policy, in "User Select "Log in as a service" in "Permission Assignment" and add the DedeApache user; Select the box to switch from the local system account to this account, then search and select DedeApache, enter the password DedeApachePWD, and then click OK (at this time, apache cannot start normally, and generally an error will be reported: Apache2.2 service reason 1 (0×1) service Stopped due to sexual error.);
4.4. Grant the apache installation directory (for example: D:/apache2.2) and web directory (for example: D:/wwwroot) DedeApache account Read and write permissions, remove all permissions except administrator and system from the root directory of each disk, and grant readable column directory permissions to the apache account of the root directory of the disk where the DedeApache installation directory is located
We can add the following content in the site configuration:
<Directory "D:\dedecms\www\uploads"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\data"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\templets"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory> <Directory "D:\dedecms\www\a"> <FilesMatch ".php"> Order Allow,Deny Deny from all </FilesMatch> </Directory>
This corresponds to canceling the script execution permission of the corresponding directory.
5. Change of data directory path
In addition, in DedeCMS V5.7, users can also set the data directory to the upper level non-web access directory. The basic operation is as follows:
5.1. Move the data directory to the upper level directory, just cut it here;
5.2. Configure the DEDEDATA file in include/common.inc.php
define( 'DEDEDATA', DEDEROOT.'/data');
can be changed to a class such as:
define('DEDEDATA', DEDEROOT.'/../../data');
5. 3. Set the template cache path in the background
The above is the detailed content of How to set up the security environment of Dreamweaver server. For more information, please follow other related articles on the PHP Chinese website!