Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2012-07-30 14:16:45

zero
Member
From: Lancashire
Registered: 2004-04-19
Posts: 1,470
Website

Make files and sections secure, keep robots away

I need some basic advice on security within Textpattern and in general, just in case I am making false assumptions.

Safe permissions for section and file

I have a protected section (front end) which only registered users can view. It is protected with zubrag password protect script. This uses the following at the top of the protected page template:

<txp:php> include("/home/public_html/mysite/textpattern/protect.php"); </txp:php>
  1. I am assuming that line cannot be exploited, yes?
  2. Is the textpattern folder any more secure than the root folder?
  3. I am using 644 permissions. OK?
  4. What is max safe permission for a file such as this?

Excluding robots

I can use robots.txt, meta robots in head and rah_sitemap to prevent robots harvesting my private data. But can I really? Google does whatever it feels like imho, plus many other robots do not do what they are told.

  1. By password-protecting a section, does this prevent robots entering the section?
  2. Is the only way to real security https ?
  3. What do you guys feel comfortable with for safe sections of a site?

BTW, the data isn’t super-sensitive, but it is personal and could probably be exploited by an identity thief if they went to a lot of trouble


BB6 Band My band
Gud One My blog

Offline

#2 2012-08-09 16:06:07

zero
Member
From: Lancashire
Registered: 2004-04-19
Posts: 1,470
Website

Re: Make files and sections secure, keep robots away

OK, I’ll put it another way in the hope someone knows:

Is there a way to prevent google and other engines harvesting my private data on a password-protected, meta-robots excluded, robots.txt disallowed section?


BB6 Band My band
Gud One My blog

Offline

#3 2012-08-09 17:14:56

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,120
Website Mastodon

Re: Make files and sections secure, keep robots away

zero wrote:

I have a protected section (front end) which only registered users can view. It is protected with zubrag password protect script. This uses the following at the top of the protected page template:

<txp:php> include("/home/public_html/mysite/textpattern/protect.php"); </txp:php>

have you tried putting the file in /home/ ?


…. texted postive

Offline

#4 2012-08-09 18:03:19

zero
Member
From: Lancashire
Registered: 2004-04-19
Posts: 1,470
Website

Re: Make files and sections secure, keep robots away

bici wrote:

zero wrote:

I have a protected section (front end) which only registered users can view. It is protected with zubrag password protect script. This uses the following at the top of the protected page template:

<txp:php> include("/home/public_html/mysite/textpattern/protect.php"); </txp:php>

have you tried putting the file in /home/ ?

I’m no longer using that file, bici. Using cbe_frontauth instead.


BB6 Band My band
Gud One My blog

Offline

Board footer

Powered by FluxBB