Admin Panel 2: Server Security

From The Uniform Server Wiki
Jump to: navigation, search
Admin Panel 2

Security Console when run for the first time you may be alarmed to find with the exception of local view your servers are Unsecured.

A default installation with you as the only person with physical access to your PC your servers are secure.

The security status is referring to the situation when you allow others access to your servers either physically (PC access) or remotely (putting your servers online).

I have reproduced the Security Center page below click any link to the right for more detail.

Security Center

» Security Center

User Management Security

This part of the security center will check all user management settings to make sure that everything is set. It will tell you if something needs to be changed.

SECURITY MSG STATUS
Admin Panel UNSECURE
If the username/password is still set to root, then you probably need to change this by clicking the UNSECURE link.  
Personal Server UNSECURE
If the username/password is still set to root, then you probably need to change this by clicking the UNSECURE link.  
MySQL Server UNSECURE
If the password is still set to root, then you probably need to change this by clicking the UNSECURE link.  
   
Server Security  
This part of the security center will check and make sure the server settings are appropriate and set correctly.  
SECURITY MSG STATUS
Local View SECURE
Due to the fact that some PC's have a different hostname set rather than localhost, we use the IP method here. This checks to make sure that you are viewing the Admin Panel (this) from local.  
PHP Safe Mode UNSECURE
This checks to see if PHP is running in SAFE MODE. Now, PHP does not have to run in SAFE MODE, but if you want the extra security, you can set it by clicking on the UNSECURE link.  
Admin Panel Access UNSECURE
While this is another feature that is not throughly important as other features are in place against outside access to the Admin Panel, this checks to see if your Admin Panel is secured using the Auth method. Please change this by editing the w:/home/admin/www/.htaccess file.  
Server Access UNSECURE
If you are running your server in Production Mode, Skip this one. If not and you would like to add more security to the server by blocking it using the Auth method, then change this in by editing the w:/www/.htaccess file.  

Top

Root folder www

With your server online files placed in folder www are public meaning people can get at them. This is what a web sever is all about, but think about the implications!

For example when writing PHP code and use include files do not give them a file extension .inc! They are text files and directly readable using a browser this will compromise your security.

Suppose the file in question is used for connecting to your MySQL server and you name it config_db.inc and have the following content:

<?
// Database configuration file config_db.php
$dbhost = 'localhost'; //server name localhost or 127.0.0.1
$dbuser = 'root'; //User name default root
$dbpass = 'fred123'; //Password default root -- Hello world this is my password ''fred123''
?>

Type something like this into your browser http://yourdomain/config_db.inc

Your browser displays it as a text file now do you really want to give that information away.

Make sure your include files have the extension of .php the code gets striped before being served as a text file.

Point

My point of showing the above, no matter how secure Uniform Server’s design team makes it you has a user must make sure you do not compromise that security.

Back to Apanel Introduction

Top


Uc small logo.gif Ric