Is the above solution still usable, and does it also work for CMSimple_XH?johnjdoe wrote:Peter Harteg in official forum wrote:There is a big issue with security and the file permissions used with CMSimple on shared Linux/Apache web servers. Weak scripts on other peoples sites may allow a hacker to access to a CMSimple folder to delete or edit files.
I now recommend the following as a minimum:
Install CMSimple with the following default permissions (i.e. rwxr-wr-w or 755 for all folders, and rw-r--r-- or 644 for all files)
Then only alter the permissions as follows:
Folders :
content
downloads
images
rwxrwxrwx or 777 (folders only, not the contents)
Files:
<cmsimple>config.php
<cmsimple>log.txt
<cmsimple>/<languages>/*.php (all, or each of the language files you are using)
<content>/content.htm
<templates>/<*YOUR TEMPLATE NAME*>/template.htm
<templates>/<*YOUR TEMPLATE NAME*>/stylesheet.css
rw-r--rw- or 646
Hopefully only the logged in CMSimple or FTP user can write to or edit/delete these files.
Improved security on file permissions
Re: Improved security on file permissions
Re: Improved security on file permissions
See the FAQ for detailed explanation: http://www.cmsimple-xh.de/faq/en/?Insta ... i_apply%3F
Re: Improved security on file permissions
Thank you.leenm wrote:See the FAQ for detailed explanation: http://www.cmsimple-xh.de/faq/en/?Insta ... i_apply%3F