Getting started

Main page
Install BIGACE
Upgrade BIGACE
User Manual

Development

Smarty TAGs
PHP API
Templates

Tutorials

Create Templates
Create Portlets
Using Smarty
Customize Search

Plugins

All Extensions
Authoring
Create a Package

Wiki Tools

Sitemap
Show pagesource
Links to this page Old revisions
Recent changes

Personal tools

Translations of this page:
You are here: Getting started » Admin Handbook » Security
Trace: » AJAX Item Information » Updates » BIGACE Manual » BIGACE with LightHTTPD » Security
Table of Contents

Links of interest:

Security

Make sure, that ONLY the files in the folder:

  1. ./
  2. ./addon/
  3. ./public/

are accessible from outside (via Webserver).

In other words the folder:

  1. /consumer/
  2. /misc/
  3. /system/

need our attention.

To make sure none of these folders (and files) can be read by a Browser, there are several ways.

htaccess

One solution (supported by the BIGACE Installer) is to use .htaccess files.

Place them in the mentioned folders:

  • /consumer/
  • /misc/
  • /system/

Add the following code to the .htaccess files: 

deny from all

Tip: The required .htaccess files come with BIGACE and can automatically be placed at the correct locations when installing, choosing the option “Usage of Rewrite engine allowed”.

Note: If you use .htaccess files and the Webserver denies its usage, you might encounter “System error” pages.

Directory permission

The other way could be to change the file and folder permission, to make sure they cannot be accessed from outside. As long as this depends on your hosting environment, you should test it.

Try this: 

sudo chmod -R 644 /var/www/wherever
sudo chmod -R +X /var/www/wherever
 

Powered by DokuWiki. All rights reserved.
© 2002-2010, BIGACE Web CMS Community and Kevin Papst.
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Valid XHTML 1.0 Valid CSS