ProcessWire - Security: Difference between revisions
From Wikizone
| Zeile 2: | Zeile 2: | ||
Ausführliche Erläuterung gibt's auf | Ausführliche Erläuterung gibt's auf | ||
https://processwire.com/docs/security/ | https://processwire.com/docs/security/ | ||
| + | |||
| + | == Installer Vorschläge == | ||
| + | <pre> | ||
| + | Note that future runtime errors are logged to /site/assets/logs/errors.txt (not web accessible). | ||
| + | For more configuration options see /wire/config.php and place any edits in /site/config.php. | ||
| + | Consider making your /site/config.php file non-writable, and readable only to you and Apache. | ||
| + | View and edit your .htaccess file to force HTTPS, setup redirects, and more. | ||
| + | </pre> | ||
| + | |||
| + | == Quickstart Security == | ||
'''Kurzform''' | '''Kurzform''' | ||
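Review bot: the added "Installer Vorschläge" block quotes "Consider making your /site/config.php file non-writable, and readable only to you and Apache" without naming a mode, so a reader has to search the rest of the page for it. Suggest a short sentence after the closing </pre> pointing to the 400 and 440 entries under "Potential permissions for /site/config.php", so the quoted installer advice and the page's own list stay tied together.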
Revision as of 28 February 2020, 11:52
Securing ProcessWire
A detailed explanation is available at
https://processwire.com/docs/security/
Installer suggestions
Note that future runtime errors are logged to /site/assets/logs/errors.txt (not web accessible).
For more configuration options see /wire/config.php and place any edits in /site/config.php.
Consider making your /site/config.php file non-writable, and readable only to you and Apache.
View and edit your .htaccess file to force HTTPS, setup redirects, and more.
Quickstart Security
Short version
Potential permissions for writable directories and files
Permission 755 for directories and 644 for files
Worst case: 777 for directories and 666 for files
Potential permissions for /site/config.php
Recommended settings if you don't need write access:
  400 [r--------] readable by owner (most secure, if it works)
  440 [r--r-----] readable by owner and group (if 400 doesn't work)
Recommended settings if you need write access:
  600 [rw-------] readable and writable by owner (most secure, if it works)
  640 [rw-r-----] readable and writable by owner, readable to group
  660 [rw-rw----] readable and writable by owner and group
Not recommended unless nothing else will work:*
  444 [r--r--r--] readable by all
  644 [rw-r--r--] readable by all, writable to owner
  664 [rw-rw-r--] readable by all, writable to owner and group
Assets
755 site/assets (recursive)
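An added example, not part of the original wiki page or of ProcessWire: a shell audit that sorts the mode of /site/config.php into the three groups listed above and reports world-writable entries (the 777/666 worst case) under site/assets. It assumes GNU stat on a Linux host and takes the site root as its first argument; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit ProcessWire file modes against the lists on this page.
# Assumption: GNU stat (Linux). Function names are illustrative only.

# Map an octal mode of /site/config.php to the page's three groups.
classify_config_mode() {
    case "$1" in
        400|440)     echo "recommended-readonly" ;;
        600|640|660) echo "recommended-writable" ;;
        444|644|664) echo "not-recommended" ;;
        *)           echo "unlisted" ;;
    esac
}

# Print the octal permission bits of a path.
mode_of() { stat -c '%a' "$1"; }

# List directories and files below $1 that have the world-write bit set.
# Symlinks are skipped: they always report 777 and are not followed.
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Audit one site root; returns 0 only if config.php is in a recommended
# group and nothing under site/assets is world-writable.
audit_site() {
    root=$1
    cfg="$root/site/config.php"
    rc=0
    mode=$(mode_of "$cfg")
    verdict=$(classify_config_mode "$mode")
    echo "site/config.php: $mode ($verdict)"
    case "$verdict" in
        recommended-*) ;;
        *) rc=1 ;;
    esac
    ww=$(world_writable "$root/site/assets")
    if [ -n "$ww" ]; then
        echo "world-writable under site/assets:"
        echo "$ww"
        rc=1
    fi
    return "$rc"
}

# Run the audit when a site root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_site "$1"
fi
```

A non-zero exit status makes the script usable as a deployment check or cron job.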
Further Considerations
Determining what user Apache runs as (<?php echo exec('whoami');)
Should /site/modules/ be writable?