Improved security on file permissions

[ScottyNL]

There is a big issue with security and the file permissions used with CMSimple on shared Linux/Apache web servers. Weak scripts on other peoples sites may allow a hacker to access to a CMSimple folder to delete or edit files.

I now recommend the following as a minimum:

Install CMSimple with the following default permissions (i.e. rwxr-wr-w or 755 for all folders, and rw-r--r-- or 644 for all files)

Then only alter the permissions as follows:

Folders :

content
downloads
images

rwxrwxrwx or 777 (folders only, not the contents)

Files:

<cmsimple>config.php
<cmsimple>log.txt
<cmsimple>/<languages>/*.php (all, or each of the language files you are using)
<content>/content.htm
<templates>/<*YOUR TEMPLATE NAME*>/template.htm
<templates>/<*YOUR TEMPLATE NAME*>/stylesheet.css

rw-r--rw- or 646

Hopefully only the logged in CMSimple or FTP user can write to or edit/delete these files.

Is the above solution still usable, and does it also work for CMSimple_XH?

[leenm]

See the FAQ for detailed explanation: http://www.cmsimple-xh.de/faq/en/?Insta ... i_apply%3F

[ScottyNL]

See the FAQ for detailed explanation: http://www.cmsimple-xh.de/faq/en/?Insta ... i_apply%3F

Thank you.