If you have successfully installed RosarioSIS on your production server, this article might help you secure RosarioSIS.
This article aims at giving security hints for RosarioSIS.
Here is the list of **files you should remove or rename** and why:

* _diagnostic.php_: displays the PHP info (PHP version, loaded modules, paths and configuration), which is useful to an attacker profiling the server.

**PostgreSQL database:**

Instead of creating the RosarioSIS database with the _postgres_ superuser, first create a user that can log in and create databases. Then log in with that user and create the RosarioSIS database, so that the RosarioSIS user is its owner. That way, if your RosarioSIS user password is discovered, the whole PostgreSQL server is not compromised: the attacker only holds a non-superuser role that owns one database.
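The least-privilege database setup described above, as an added example (not RosarioSIS's own installer or documentation code): the role name `rosariosis_user`, the database name `rosariosis` and the password are placeholders. It goes slightly beyond the text by dropping the CREATEDB privilege once the database exists and by adding two queries that confirm the owner is not a superuser.

```sql
-- Step 1: run as the PostgreSQL superuser (e.g. `psql -U postgres`).
-- Create a dedicated login role for RosarioSIS. It may create databases
-- but is NOT a superuser, so a leaked password cannot take over the server.
-- Role name and password are placeholders: choose your own.
CREATE ROLE rosariosis_user LOGIN CREATEDB PASSWORD 'change-me';

-- Step 2: reconnect as that role (e.g. `psql -U rosariosis_user -d postgres`)
-- and create the database from there, so the RosarioSIS role becomes its owner.
-- A non-superuser may only name itself (or a role it is a member of) as OWNER.
CREATE DATABASE rosariosis OWNER rosariosis_user;

-- Step 3 (optional, goes beyond the article): back as the superuser, drop the
-- CREATEDB privilege now that it is no longer needed. The role keeps full
-- rights on its own database, which is all RosarioSIS (config.inc.php) needs.
ALTER ROLE rosariosis_user NOCREATEDB;

-- Check 1: the database owner must be the RosarioSIS role, not "postgres".
SELECT d.datname, pg_catalog.pg_get_userbyid(d.datdba) AS owner
  FROM pg_catalog.pg_database d
 WHERE d.datname = 'rosariosis';

-- Check 2: the role must not be a superuser and, after step 3, must not be
-- able to create further databases (rolsuper = f, rolcreatedb = f).
SELECT rolname, rolsuper, rolcreatedb, rolcanlogin
  FROM pg_catalog.pg_roles
 WHERE rolname = 'rosariosis_user';
```

If check 1 still shows `postgres` as owner, the database was created with the superuser; drop it and recreate it while connected as the RosarioSIS role.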
Here is the list of files that contain the **version number** of RosarioSIS, if you would like to hide it (a known version lets an attacker look up the matching public vulnerabilities):
Be careful when you update RosarioSIS: if the update overwrites the files, the files listed above will be accessible again, so repeat the removal after every update.
The **_.htaccess_** file prevents direct access to the _config.inc.php_ file (which holds the database credentials). You can add the same rule to your site / Apache configuration instead and remove the _.htaccess_ if you want to avoid the use of _.htaccess_ files for performance reasons.
Change the usernames and passwords of the default set of users (_admin_, _teacher_, _student_, _parent_) and adopt a [password policy](https://www.sans.org/security-resources/policies/Password_Policy.pdf).
Finally, and more generally, here is a good set of Apache rules to block common attacks: [**5G Blacklist 2013**](http://perishablepress.com/5g-blacklist-2013/)
But you must remove this line from the blacklist for RosarioSIS to work. Note that this condition is the one that rejects query strings containing a backslash, `../`, a backtick or a trailing `='` / `=%27`, so those patterns are no longer filtered by the blacklist once it is removed:
```apache
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
```