Textpattern CMS support forum
Any security issues regarding registration?
Are there any security or other issues I should be aware of if I don’t use a password-protect or a self-register plugin? It’s a community site where the public can add photos and articles. Registration is via zem_contact_reborn and requires the new registrant to email their first article or photo to show they are not timewasters. Admin then approves it and sends them their login details. They get staff writer privileges.
Re: Any security issues regarding registration?
You should store uploaded files on a location which is not accessible from the web.
Re: Any security issues regarding registration?
wet wrote:
You should store uploaded files on a location which is not accessible from the web.
Thanks. I’m using Apache server and according to the weblog article I should “rename the .htaccess-dist file in the /files directory to .htaccess to prohibit direct URL access to your files. Thus the only route to these files becomes through /file_download.” I’ve done that and also moved /files out of the root directory. Are there any other similar issues or common sense recommendations?
Re: Any security issues regarding registration?
It’s not necessary to do both, since .htaccess has no effect outside the document root. Doesn’t hurt though, in case the /files location by accident falls inside document root.
Re: Any security issues regarding registration?
ruud wrote:
It’s not necessary to do both, since .htaccess has no effect outside the document root. Doesn’t hurt though, in case the /files location by accident falls inside document root.
Thanks Ruud, I thought that but moved /files anyway as it seems a good habit to get into.
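A check for the accidental case raised in the thread, where the upload directory ends up inside the document root after all. This is an added example, not part of any post above and not Textpattern code; the function name, result labels and directory tree are constructed for illustration.

```python
import os
import tempfile


def classify_upload_dir(doc_root, files_dir):
    """Return 'outside', 'inside-with-htaccess' or 'inside-unprotected'."""
    # Resolve symlinks first: a path that looks external may point back
    # into the document root.
    root = os.path.realpath(doc_root)
    target = os.path.realpath(files_dir)
    # commonpath compares whole path components, so a sibling such as
    # /srv/www-files is not mistaken for a child of /srv/www.
    if os.path.commonpath([root, target]) != root:
        return "outside"
    # Only the renamed file counts; .htaccess-dist is ignored by Apache.
    # Presence alone does not prove Apache honours it (AllowOverride).
    if os.path.isfile(os.path.join(target, ".htaccess")):
        return "inside-with-htaccess"
    return "inside-unprotected"


def demo():
    """Run the check over a constructed directory tree (sample data only)."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        doc_root = os.path.join(base, "www")
        inside = os.path.join(doc_root, "files")    # default-style location
        sibling = os.path.join(base, "www-files")   # moved out of the root
        link = os.path.join(base, "uploads")        # symlink back into root
        os.makedirs(inside)
        os.makedirs(sibling)
        os.symlink(inside, link)

        dist = os.path.join(inside, ".htaccess-dist")
        open(dist, "w").close()
        results["dist_only"] = classify_upload_dir(doc_root, inside)
        results["sibling"] = classify_upload_dir(doc_root, sibling)
        results["symlink"] = classify_upload_dir(doc_root, link)

        # The rename step quoted in the thread.
        os.rename(dist, os.path.join(inside, ".htaccess"))
        results["renamed"] = classify_upload_dir(doc_root, inside)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```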