Forums / Cotonti / General / Making our applications safer

ez
#1 2012-04-23 13:58

Since increased security is becoming more and more important, I was reading about it a lot..

I found this link: http://bodvoc.com/index.php?option=com_content&view=article&id=43:improving-your-joomla-htaccess-file&catid=2:joomla-security&itemid=3

Even though it's a Joomla link, this is about htaccess...

There are some rules in there we can use to prevent shit..

What do you think?

There is more:

All files CHMOD on 644
Folders CHMOD on 755.
config.php CHMOD on 640
Nothing should have 777.

 

!! I would really love it if we have a ready to use htaccess with basic security stuff for Cotonti !!

==- I say: Keep it EZ -==
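A way to check an install against the CHMOD list in the post above, as an added example that is not part of the original thread or of Cotonti itself. It assumes config.php can be recognised by file name alone, wherever it sits in the tree; `audit_tree` and `expected_mode` are names made up for this example.

```python
import os
import stat
import sys

# Modes taken from the list in the post; matching config.php by file name
# alone is an assumption of this example.
FILE_MODE, DIR_MODE, CONFIG_MODE = 0o644, 0o755, 0o640
CONFIG_NAME = "config.php"


def expected_mode(name, is_dir):
    """Mode the post's list assigns to an entry."""
    if is_dir:
        return DIR_MODE
    return CONFIG_MODE if name == CONFIG_NAME else FILE_MODE


def audit_tree(root):
    """Return sorted (relpath, actual, expected, world_writable) tuples
    for every file or directory under root whose mode deviates."""
    findings = []
    entries = [(root, True)]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [(os.path.join(dirpath, d), True) for d in dirnames]
        entries += [(os.path.join(dirpath, f), False) for f in filenames]
    for path, is_dir in entries:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not what gets enforced
        actual = stat.S_IMODE(st.st_mode)
        want = expected_mode(os.path.basename(path), is_dir)
        if actual != want:
            findings.append((os.path.relpath(path, root),
                             format(actual, "03o"), format(want, "03o"),
                             bool(actual & stat.S_IWOTH)))
    return sorted(findings)


if __name__ == "__main__":
    rows = audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, actual, want, ww in rows:
        flag = "  WORLD-WRITABLE" if ww else ""
        print(f"{rel}: {actual} (expected {want}){flag}")
    sys.exit(1 if rows else 0)
```

Run it with the site root as the only argument; it exits non-zero when anything deviates, so it can sit in a cron job or deploy script.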
urlkiller
#2 2012-04-24 05:34

hey,

I think we should have some basic security too...
also we could disallow the execution of all "executable" files ...

# engine is a boolean directive, so it is set with php_flag
<IfModule mod_php4.c>
  php_flag engine off
</IfModule>
<IfModule mod_php5.c>
  php_flag engine off
</IfModule>
not everywhere but on the places where it counts.
 
URL shortener: http://bbm.li/!7AD5C7
Trustmaster
#3 2012-04-24 07:03

Probably worth a try. Needs extensive testing on various hostings though.

May the Source be with you!
urlkiller
#4 2012-04-24 07:16

I think that could be easily done... this should only work as an additional security measure for the cot-users ...
sure you should just delete the htaccess file and use the system without it (without any penalties to functionality)

if that's working it would be really nice...

Added 1 minute later:

also you could use different htaccess files all over the page instead of index.php dir blockers...
I for example use the php stuff I posted above only in my datas/ folder to make sure ppl can't execute php/bash or any other files.

since you could use conditional checks in the htaccess too it even could have a graceful fallback, it might be worth a thought...

URL shortener: http://bbm.li/!7AD5C7