security security
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

security

Started by dmcdivitt, January 12, 2007, 10:53:25 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

dmcdivitt

January 12, 2007, 10:53:25 PM
I just installed Coppermine. Really cool! In the setup documentation it said to place the Coppermine directory off the htdocs directory and CHMOD all permissions to 777. I did that. Is it safe to leave it that way? Did the setup script address this issue? Thanks for making such a good application.

Nibbler

#1
January 12, 2007, 10:57:34 PM
It doesn't say to set everything to 777. You set specific folders to either 777 or to 775 depending on how your server is configured.

dmcdivitt

#2
January 12, 2007, 11:07:20 PM
Everything has 777 now. Do I need to change it? To what value? Thanks

eruss

#3
January 13, 2007, 05:21:04 AM
Quote from: dmcdivitt on January 12, 2007, 11:07:20 PM
Everything has 777 now. Do I need to change it? To what value? Thanks


It's in the instruction manual, aka "the docs".  755 is more secure if it works on your server.

http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#how

dmcdivitt

#4
January 13, 2007, 10:36:28 AM
Thanks! I read the docs and 755 works on all files and folders OK. Boy, it was a pain doing all the research necessary to get uploads working. So much trial and error! Found a default php.ini to use.

About the files created at setup. Should those be protected with .htaccess so they can't be accessed via http?

Joachim Müller

#5
January 13, 2007, 11:24:24 AM
No.
Print
Go Up Pages1
User actions