0_0

Reputation: 209

Securing bolt cms installation for production

I am using the Bolt CMS. I want to take it to production; however, I just noticed that the documentation and other tutorials ask me to do this:

chmod -R 777 files/ app/database/ app/cache/ app/config/ theme/

I am not a security expert, but from what I've read 777 is usually a bad idea. I understand that the uploads and cache dirs need to be 777, but I'm not sure why the others are required.

I wanted to know:

  1. What are the security risks involved, if any?
  2. Is there another way to set up Bolt, or are there workarounds for production?

Upvotes: 4

Views: 1335

Answers (3)

Online Sid

Reputation: 116

777 is very insecure but it depends on the configuration of your web server.

You should try setting to 755 (only owner can write), if that doesn't work try 775 (owner and group can write). Only use 777 as a last resort.

Upvotes: 0

Jowy Atreides

Reputation: 31

777 means everyone can read, write and execute anything in that dir. If you are concerned about security, you may try this solution.

You can deny execution from web by using apache rewrite rule:

Order Deny,Allow
Deny from All

Upvotes: 0

S. A. Kıyak

Reputation: 127

You need

  • files/ for upload
  • app/database/ for database if you are using sqlite, not necessary for mysql and postgres
  • app/cache/ for cache
  • app/config/ and theme/ if you want to edit your config or template files over the backend of bolt cms. It is more secure not to allow this and to edit them over ssh or ftp.

Upvotes: 3
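
An added example, not part of the answers above or of Bolt's documentation: one way to replace the blanket `chmod -R 777` with group write on only the directories the last answer lists. It assumes the code is owned by a deploy account and the web server user is a member of the group passed as WEB_GROUP (the demo uses the current user's group so it runs anywhere); the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the Bolt documentation. Assumption: the tree is owned
# by a deploy account and the web server / PHP user is a member of WEB_GROUP.

# harden_bolt ROOT WEB_GROUP DIR...
# Removes group/world write everywhere, then grants group write only on DIR...
harden_bolt() {
    root=$1 group=$2
    shift 2
    chmod -R go-w "$root"                  # undo 777; read/execute bits are left alone
    for d in "$@"; do
        [ -d "$root/$d" ] || continue      # e.g. no app/database when using MySQL
        chgrp -R "$group" "$root/$d"
        chmod -R g+w "$root/$d"
        # setgid on directories: files the CMS creates later inherit WEB_GROUP
        find "$root/$d" -type d -exec chmod g+s {} +
    done
}

# world_writable ROOT: print how many files/dirs are still writable by "other"
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | wc -l | tr -d ' '
}

# Demo on a constructed tree that mimics the layout named in the question.
demo=$(mktemp -d)
mkdir -p "$demo/files" "$demo/app/database" "$demo/app/cache" \
         "$demo/app/config" "$demo/theme"
touch "$demo/app/config/config.yml" "$demo/files/upload.jpg"
chmod -R 777 "$demo"
echo "world-writable before: $(world_writable "$demo")"
# In real use, pass the web server's group instead of $(id -gn).
harden_bolt "$demo" "$(id -gn)" files app/database app/cache
echo "world-writable after:  $(world_writable "$demo")"
rm -rf "$demo"
```

app/config/ and theme/ are left out of the writable list here, which matches the last answer's advice to edit them over ssh or ftp; add them as arguments only if backend editing is required.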
