Admin Panel 2: Server Security
Security Console: when it is run for the first time, you may be alarmed to find that, with the exception of Local View, your servers are reported as Unsecured.
With a default installation, and with you as the only person with physical access to your PC, your servers are secure.
The security status refers to the situation where you allow others access to your servers, either physically (PC access) or remotely (putting your servers online).
I have reproduced the Security Center page below; click any link to the right for more detail.
Security Center
User Management Security
This part of the security center will check all user management settings to make sure that everything is set. It will tell you if something needs to be changed.
SECURITY MSG | STATUS
Admin Panel | UNSECURE
If the username/password is still set to root, then you probably need to change this by clicking the UNSECURE link.
Personal Server | UNSECURE
If the username/password is still set to root, then you probably need to change this by clicking the UNSECURE link.
MySQL Server | UNSECURE
If the password is still set to root, then you probably need to change this by clicking the UNSECURE link.
Server Security
This part of the security center will check and make sure the server settings are appropriate and set correctly.
SECURITY MSG | STATUS
Local View | SECURE
Due to the fact that some PC's have a different hostname set rather than localhost, we use the IP method here. This checks to make sure that you are viewing the Admin Panel (this) from local.
PHP Safe Mode | UNSECURE
This checks to see if PHP is running in SAFE MODE. Now, PHP does not have to run in SAFE MODE, but if you want the extra security, you can set it by clicking on the UNSECURE link.
Admin Panel Access | UNSECURE
While this is another feature that is not thoroughly important, as other features are in place against outside access to the Admin Panel, this checks to see if your Admin Panel is secured using the Auth method. Please change this by editing the w:/home/admin/www/.htaccess file.
Server Access | UNSECURE
If you are running your server in Production Mode, skip this one. If not, and you would like to add more security to the server by blocking it using the Auth method, then change this by editing the w:/www/.htaccess file.
Root folder www
With your server online, files placed in the www folder are public, meaning people can get at them. This is what a web server is all about, but think about the implications!
For example, when writing PHP code that uses include files, do not give them the file extension .inc! They are text files and directly readable using a browser, which will compromise your security.
Suppose the file in question is used for connecting to your MySQL server, and you name it config_db.inc with the following content:
<?php
// Database configuration file config_db.php
$dbhost = 'localhost'; // server name: localhost or 127.0.0.1
$dbuser = 'root';      // user name, default root
$dbpass = 'fred123';   // password, default root -- Hello world this is my password 'fred123'
?>
Type something like this into your browser: http://yourdomain/config_db.inc
Your browser displays it as a text file. Do you really want to give that information away?
Make sure your include files have the .php extension, so that the code is stripped out before the file is served instead of being sent as a text file.
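An added example, not part of the original page or of Uniform Server: a Python script that walks a web root and lists files that contain PHP code but have an extension the server would hand out as plain text, flagging those that also assign a password-like variable. It assumes only .php is passed to the PHP interpreter; the function names, the secret-variable pattern and the sample www folder are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are passed to the PHP interpreter.
PHP_HANDLED = {".php"}
# PHP open tag: "<?php", "<?=" or the short form "<? " (does not match "<?xml").
PHP_TAG = re.compile(rb"<\?(php\b|=|\s)", re.IGNORECASE)
# Variable names that usually hold secrets (constructed list, extend as needed).
SECRET_VAR = re.compile(rb"\$\w*(pass|pwd|secret|key)\w*\s*=", re.IGNORECASE)

def find_exposed_includes(web_root):
    """Return [(relative_path, has_secret)] for PHP code that would be served as text."""
    findings = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in PHP_HANDLED:
                continue  # executed by PHP, source is not sent to the browser
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(65536)  # the head of the file is enough
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if PHP_TAG.search(data):
                rel = os.path.relpath(path, web_root).replace(os.sep, "/")
                findings.append((rel, bool(SECRET_VAR.search(data))))
    return sorted(findings)

def demo():
    """Build a constructed www folder and scan it."""
    with tempfile.TemporaryDirectory() as www:
        samples = {
            "config_db.inc": b"<? $dbuser = 'root'; $dbpass = 'fred123'; ?>",
            "config_db.php": b"<?php $dbpass = 'fred123'; ?>",
            "lib/menu.inc": b"<?php echo 'menu'; ?>",
            "index.html": b"<html><body>hello</body></html>",
        }
        for rel, body in samples.items():
            full = os.path.join(www, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return find_exposed_includes(www)

if __name__ == "__main__":
    for rel, secret in demo():
        print(f"{rel}: served as text" + (" (contains credentials)" if secret else ""))
```

To check a real installation, call find_exposed_includes() with the path of your own www folder and rename whatever it reports to .php.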
Point
My point in showing the above: no matter how secure Uniform Server's design team makes it, you as a user must make sure you do not compromise that security.
Ric