Difference between revisions of "Security Guidelines"
From GeeklogWiki
(About time to start this page ...) |
(link to Clickjacking Protection) |
||
| Line 8: | Line 8: | ||
* Remove the installation script. Once you have successfully installed or upgraded Geeklog, you will no longer need it. | * Remove the installation script. Once you have successfully installed or upgraded Geeklog, you will no longer need it. | ||
* Change the permissions for the <tt>db-config.php</tt> and <tt>siteconfig.php</tt> files so that they are no longer writable. | * Change the permissions for the <tt>db-config.php</tt> and <tt>siteconfig.php</tt> files so that they are no longer writable. | ||
| + | |||
| + | |||
| + | == Configuration Options == | ||
| + | |||
| + | * Geeklog 1.6.0 (as of beta 3) provides some [[Clickjacking Protection|protection against Clickjacking]]. It's enabled by default and should usually be left that way. | ||
Latest revision as of 15:51, 14 June 2009
Recommendations to secure your Geeklog site.
After Installation
Please follow the recommendations outlined in the installation instructions and contained in the reminders that are built into Geeklog:
- Change the default password of the Admin account!
- Remove the installation script. Once you have successfully installed or upgraded Geeklog, you will no longer need it.
- Change the permissions for the db-config.php and siteconfig.php files so that they are no longer writable.
Configuration Options
- Geeklog 1.6.0 (as of beta 3) provides some protection against Clickjacking. It's enabled by default and should usually be left that way.
Daily Use
- Consider using an account that has only the permissions that you actually need. For example, you may be spending most of your time on the site writing articles. For that, you do not need to be in the User Admin group.
Staying up to date
We recommend that you subscribe to the (low traffic) geeklog-announce mailing list to be informed about new Geeklog releases and security issues. You can also subscribe to the RSS feed of the Security topic on the Geeklog homepage.
(to be continued)
