|
| Author |
Message |
dojo
Joined: 03 Sep 2005
Posts: 287
Location: Romania, Timisoara
|
 Posted: 9/7/2005, 9:55 am Post subject: What security measures have you taken? |
 |
|
Let's discuss about the way you secure your community. Do you have something "unusual" or just the usual measures?
_________________
Webmaster articles, tutorials and topics |
|
| Back to top |
|
 |
Patrick
Administrator
Joined: 28 Aug 2005
Posts: 2212
Location: Harbinger, NC, U.S.A.
|
|
| Back to top |
|
|
harishankar
Joined: 10 Sep 2005
Posts: 203
|
| Posted: 9/11/2005, 12:08 am Post subject: |
|
|
I have done a particularly nifty bit of code in my forum where there can be only a single admin. No user who has got accidentally or deliberately been promoted to admin can ever log in at all. I don't plan to have any admins in the future and this code can be very useful indeed...
Another thing is that I keep my admin folder password protected (HTTP) and also keep my forum updated to the latest version of phpBB. I also take frequent back ups.
That's about it. 
_________________
Literary Forums
My Blog |
|
| Back to top |
|
|
*asterisk*
Joined: 10 Sep 2005
Posts: 7
Location: Vilnius, Lithuania
|
| Posted: 9/11/2005, 1:01 am Post subject: |
|
|
I backup my databases daily, protect admin panel with .htaccess, use different password for everything (same as patrick ), I also give admin access for ip's not for accounts.
_________________
Personal website |
|
| Back to top |
|
|
harishankar
Joined: 10 Sep 2005
Posts: 203
|
| Posted: 9/11/2005, 1:31 am Post subject: |
|
|
| Quote: |
| I also give admin access for ip's not for accounts. |
Wouldn't this cause a problem in the case of dynamic IPs? Also when people change their ISPs would they not have a different IP address?
_________________
Literary Forums
My Blog |
|
| Back to top |
|
|
marc
Joined: 10 Sep 2005
Posts: 35
Location: UK
|
|
| Back to top |
|
|
Thoul
Joined: 14 Sep 2005
Posts: 169
|
| Posted: 9/14/2005, 2:11 pm Post subject: |
|
|
Much the same as everyone else, .htaccess, etc. Nearly all my passwords are spit out by a random generator Firefox extension these days.
I don't backup the database as much as I should. I don't have good tools for it, to make it easier/faster/automatic/etc, really.
_________________
Phantasy Star: The Fringes of Algo | phpBB Smith |
|
| Back to top |
|
|
Triumvirate
Joined: 10 Sep 2005
Posts: 262
Location: New York, USA
|
| Posted: 9/14/2005, 2:22 pm Post subject: |
|
|
Like everyone else I use .htaccess. and such. I developed a system that works rather well for coming up with hard to get passwords.
I also don't backup my databases that often, I usually shoot for once a week but even that I sometimes don't make. Probably should start doing it more though.
_________________
MMO Gaming |
|
| Back to top |
|
|
Teknomancer
Joined: 19 Sep 2005
Posts: 335
|
| Posted: 10/30/2005, 5:07 am Post subject: |
|
|
I have no idea what .htaccess is. I don't use phpBB and I use SMF. It's generally said that SMF is very secure and all, so I haven't had any special checks YET.
I'm planning to do something regarding this soon. My forum is very new and I haven't made any backups yet, but in future I will make regular backups.
_________________
Toons & Comics Community
My Blog
My WebPage |
|
| Back to top |
|
|
Cross_+_Flame
Joined: 10 Oct 2005
Posts: 70
Location: United States of Canada
|
| Posted: 10/30/2005, 9:45 am Post subject: |
|
|
I do have several questions as a result of this thread. Thank you to everyone for your very interesting comments!
How does one do the .htaccess security? Require a HTTP authentification for anything in the admin panel or what? Code?
| marc wrote: |
| .htaccess file's protecting sensitive area's of the site using a random password which changes monthly, any config files are outside of the web directory. |
I tried doing this once and it never worked out for me. Just move config.php to a different section and point to it? My server hated it.
_________________
Cross+Flame
Visit my Religion & Interfaith Community |
|
| Back to top |
|
|
|
