ProcessWire - Sicherheit: Unterschied zwischen den Versionen

ProcessWire absichern[Bearbeiten]

Ausführliche Erläuterung gibt's auf

https://processwire.com/docs/security/

Installer Vorschläge[Bearbeiten]

• Note that future runtime errors are logged to /site/assets/logs/errors.txt (not web accessible).
• For more configuration options see /wire/config.php and place any edits in /site/config.php.
• Consider making your /site/config.php file non-writable, and readable only to you and Apache.
• View and edit your .htaccess file to force HTTPS, setup redirects, and more.

Quickstart Security[Bearbeiten]

Kurzform

Potential permissions for writable directories and files

Permission 755 for directories and 644 for files
Worst case: 777 for directories and 666 for files

Potential permissions for /site/config.php

Recommend settings if you don't need write access: 
400 [r--------] readable by owner (most secure, if it works)
440 [r--r-----] readable by owner and group (if 400 doesn't work)

Recommended settings if you need write access: 
600 [rw-------] readable and writable by owner (most secure, if it works)
640 [rw-r-----] readable and writable by owner, readable to group
660 [rw-rw----] readable and writable by owner and group

Not recommended unless nothing else will work:*
444 [r--r--r--] readable by all
644 [rw-r--r--] readable by all, writable to owner
664 [rw-rw-r--] readable by all, writable to owner and group

Assets

755 site/assets (rekursiv)

Further Considerations

Determining what user apache runs as (<?php echo exec('whoami');)
Should /site/modules/ be writable?