Difference between revisions of "Security Guidelines"

From GeeklogWiki
(About time to start this page ...)
 
(link to Clickjacking Protection)
 
Line 8: Line 8:
 
* Remove the installation script. Once you have successfully installed or upgraded Geeklog, you will no longer need it.
 
* Remove the installation script. Once you have successfully installed or upgraded Geeklog, you will no longer need it.
 
* Change the permissions for the <tt>db-config.php</tt> and <tt>siteconfig.php</tt> files so that they are no longer writable.
 
* Change the permissions for the <tt>db-config.php</tt> and <tt>siteconfig.php</tt> files so that they are no longer writable.
 +
 +
 +
== Configuration Options ==
 +
 +
* Geeklog 1.6.0 (as of beta 3) provides some [[Clickjacking Protection|protection against Clickjacking]]. It's enabled by default and should usually be left that way.
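
Review bot: the new bullet under "Configuration Options" says the clickjacking protection is enabled by default and "should usually be left that way", but it does not name the option that controls it or say in which situation turning it off would be appropriate. Suggest naming the setting in the bullet, or stating that the linked [[Clickjacking Protection]] page documents it, and revisiting "as of beta 3" once 1.6.0 is final so the version note does not go stale.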
  
  

Latest revision as of 15:51, 14 June 2009

Recommendations to secure your Geeklog site.

After Installation

Please follow the recommendations outlined in the installation instructions and contained in the reminders that are built into Geeklog:

  • Change the default password of the Admin account!
  • Remove the installation script. Once you have successfully installed or upgraded Geeklog, you will no longer need it.
  • Change the permissions for the db-config.php and siteconfig.php files so that they are no longer writable.
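
The last two items of this checklist can be checked with a short script. The following is an added example, not part of the Geeklog documentation or code; the location of the installation script and of the two configuration files depends on your site layout, so they are passed in as arguments (assumed paths, not fixed Geeklog paths).

```shell
#!/bin/sh
# Post-install audit for the checklist above (added example, not Geeklog code).
# Usage: audit_geeklog INSTALL_PATH CONFIG_FILE...
# INSTALL_PATH and the config file locations are supplied by the caller
# because they depend on how the site was laid out (assumption).

# Succeeds if the file has no write bit set for owner, group or other.
# The mode bits are inspected instead of using `[ -w ]`, which is always
# true for root and would hide a file left at mode 644 or 666.
is_read_only() {
    [ -z "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]
}

# Prints one line per check; the return status is the number of failures.
audit_geeklog() {
    install_path=$1
    shift
    failures=0

    if [ -e "$install_path" ]; then
        echo "FAIL: installation script still present: $install_path"
        failures=$((failures + 1))
    fi

    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "WARN: not found, check the path: $f"
        elif is_read_only "$f"; then
            echo "OK:   not writable: $f"
        else
            echo "FAIL: still writable: $f (fix with: chmod a-w \"$f\")"
            failures=$((failures + 1))
        fi
    done

    return "$failures"
}

# Example call (paths are placeholders for your own layout):
#   audit_geeklog /path/to/install /path/to/db-config.php /path/to/siteconfig.php
```

A non-zero exit status means at least one item of the checklist is still open, which makes the function usable from a deployment or cron check.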


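Configuration Options

  • Geeklog 1.6.0 (as of beta 3) provides some protection against Clickjacking. It's enabled by default and should usually be left that way.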

Daily Use

  • Consider using an account that has only the permissions that you actually need. For example, you may be spending most of your time on the site writing articles. For that, you do not need to be in the User Admin group.


Staying up to date

We recommend that you subscribe to the (low traffic) geeklog-announce mailing list to be informed about new Geeklog releases and security issues. You can also subscribe to the RSS feed of the Security topic on the Geeklog homepage.


(to be continued)