Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Make files and sections secure, keep robots away
I need some basic advice on security within Textpattern and in general, just in case I am making false assumptions.
Safe permissions for section and file
I have a protected section (front end) which only registered users can view. It is protected with zubrag password protect script. This uses the following at the top of the protected page template:
<txp:php> include("/home/public_html/mysite/textpattern/protect.php"); </txp:php>
- I am assuming that line cannot be exploited, yes?
- Is the
textpattern
folder any more secure than the root folder? - I am using 644 permissions. OK?
- What is max safe permission for a file such as this?
Excluding robots
I can use robots.txt, meta robots in head and rah_sitemap to prevent robots harvesting my private data. But can I really? Google does whatever it feels like imho, plus many other robots do not do what they are told.
- By password-protecting a section, does this prevent robots entering the section?
- Is the only way to real security
https
? - What do you guys feel comfortable with for safe sections of a site?
BTW, the data isn’t super-sensitive, but it is personal and could probably be exploited by an identity thief if they went to a lot of trouble
Offline
Offline
Re: Make files and sections secure, keep robots away
zero wrote:
I have a protected section (front end) which only registered users can view. It is protected with zubrag password protect script. This uses the following at the top of the protected page template:
<txp:php> include("/home/public_html/mysite/textpattern/protect.php"); </txp:php>
have you tried putting the file in /home/ ?
…. texted postive
Offline
Re: Make files and sections secure, keep robots away
bici wrote:
zero wrote:
I have a protected section (front end) which only registered users can view. It is protected with zubrag password protect script. This uses the following at the top of the protected page template:
<txp:php> include("/home/public_html/mysite/textpattern/protect.php"); </txp:php>
have you tried putting the file in /home/ ?
I’m no longer using that file, bici. Using cbe_frontauth instead.
Offline