This site has been archived and you can no longer log in or post new messages. For up-to-date community resources please visit ezplatform.com

eZ Community » Forums » Setup & design » User edit bug
expandshrink

User edit bug

User edit bug

Monday 19 May 2003 5:03:52 pm - 1 reply

I've seen that there are some problems with security with http://www.**.**/user/edit/** and have also red that if you install the demodata and use it for a site..the demo-setup is not secure.

I'm using this for a site..just deleted the demodata in the admin-interface, and changed pagelayout.tpl, so how can I secure my site?
Have installed the User edit bug fix patch.

Are there any more things I have to do to get a secure eZ publish site?

Tuesday 20 May 2003 7:14:04 pm

A virtual host setup is usually more secure than a non virtual host setup. This is because you can use Apache's rewrite rules.
If you are running a non virtual host setup, you should make sure that all your site.ini.append (and other .append files) are renamed to site.ini.append.php and place everything in these files inside PHP comments.

ex:

<?php
/*
[my block]
myvariable=3
*/
?>

This will help if people get a way to access these files directly (then they will be parsed in the PHP module and all comments are stripped, so the file will be empty for the user).

You should also use the wash() function wherever appropriate. Check the template section on http://ez.no/sdk for more information about this

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from