[CentOS] securing web applications (Wiki CMS installation)

Simon Jolle urandomdev at gmail.com
Tue Feb 12 10:11:21 UTC 2008


2008/2/11, James A. Peltier <jpeltier at cs.sfu.ca>:
> This is a very broad question to ask, however, I will appeal to the basics.
>
> 1) Use HTTPS whenever possible to avoid any passwords crossing the wire
> in clear text.
>
> 2) Ensure only the necessary modules are installed or enabled for your
> CMS to operate.
>
> 3) Always think least permissions necessary to perform the task
>
> 4) Ensure that MySQL is locked down with least permissions necessary.
> At the very least after you've installed MySQL make sure to run the
> secure-mysql-installation script to assign a password to the MySQL root
> user and lock down some of the basic tables.
>
> Each system is different and you should follow the guidelines outlined
> by the CMS to properly secure.  If you are not sure of what you are
> deploying, that's kinda scary, you should be wary of that and tread
> lightly.

thank you

I will deploy Wikka Wiki [0] - there are no explicit security settings
or guidelines

How to harden Apache and PHP (without using SELinux)?

cheers
Simon

[0] http://wikkawiki.org/HomePage
-- 
XMPP: sjolle at swissjabber.org
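
Point 4 of the quoted advice (least privilege for MySQL) can be checked mechanically. The following is an added example, not part of either poster's message: it audits `SHOW GRANTS` output for accounts that hold more than a wiki needs at runtime. The account names `wiki_app` and `wiki_bad`, the database name `wikka` and the sample grant lines are constructed for illustration.

```python
import re

# MySQL privileges that a web application's runtime account should not hold.
ADMIN_PRIVS = {"ALL PRIVILEGES", "FILE", "SUPER", "PROCESS", "SHUTDOWN",
               "RELOAD", "CREATE USER", "GRANT OPTION"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'(?P<rest>.*)$", re.IGNORECASE)

# Constructed sample of SHOW GRANTS output (hypothetical accounts and database).
SAMPLE = """\
GRANT ALL PRIVILEGES ON *.* TO 'wiki_bad'@'%' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'wiki_app'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE ON `wikka`.* TO 'wiki_app'@'localhost'
"""


def audit_grant(line):
    """Return the least-privilege findings for one SHOW GRANTS line."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return ["unparsed grant line"]
    # Drop column lists such as SELECT (a, b) before splitting on commas.
    priv_text = re.sub(r"\([^)]*\)", "", m.group("privs"))
    privs = {p.strip().upper() for p in priv_text.split(",") if p.strip()}
    if "WITH GRANT OPTION" in m.group("rest").upper():
        privs.add("GRANT OPTION")
    if privs == {"USAGE"}:
        privs = set()  # USAGE alone means "no privileges"
    findings = ["administrative privilege: " + p for p in sorted(privs & ADMIN_PRIVS)]
    if m.group("scope").replace("`", "") == "*.*" and privs:
        findings.append("privileges granted on every database (*.*)")
    if m.group("host") == "%":
        findings.append("account may connect from any host (%)")
    return findings


def audit(text):
    """Map each non-empty grant line to its list of findings."""
    return {ln: audit_grant(ln) for ln in text.splitlines() if ln.strip()}


if __name__ == "__main__":
    for line, findings in audit(SAMPLE).items():
        print(("FAIL " if findings else "ok   ") + line)
        for f in findings:
            print("     - " + f)
```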


