A solution to prevent file injection and malicious-code (Trojan) planting in DedeCMS

1. Directory permissions
We do not recommend placing channel (column) directories in the site root, because that makes the permission settings very troublesome. By default, after installation is complete, set the directories as follows:
(1) data, templets, uploads, a (or the html directory in 5.3): set permissions to readable and writable but not executable;
(2) If you do not need special topics, delete the special directory. If you do need it, delete special/index.php after generating the HTML, then set this directory to readable and writable but not executable;
(3) include, member, plus and the backend admin directory: set to executable (scripts), readable but not writable (the same applies to the book, ask, company and group directories of any additionally installed modules).

2. Other issues to pay attention to
(1) Although the install directory has been strictly dealt with, for safety's sake we still recommend deleting it;
(2) Do not use the MySQL root account directly for websites; create an independent MySQL user for each website with only these privileges:
SELECT, INSERT, UPDATE, DELETE,
CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES
Since DedeCMS does not use stored procedures anywhere, be sure to withhold privileges such as FILE and EXECUTE that allow executing stored procedures or operating on files.

3. Change the data directory path
In addition, in DedeCMS V5.7 users can move the data directory to a parent directory that is not web-accessible. The basic steps are:
3.1. Move the data directory to the parent directory; simply cutting and pasting it there is fine;
3.2. Configure the DEDEDATA constant in include/common.inc.php:

define('DEDEDATA', DEDEROOT.'/data');

can be changed to something like:

define('DEDEDATA', DEDEROOT.'/../../data');

3.3. Set the template cache path in the backend

Template cache directory: change it to ../../data/tplcache

4. Change the backend path

Also pay special attention to the fact that the default backend (admin) path of DedeCMS is dede; it is best to rename this folder, the more complicated the better. It is also strongly recommended to set the data/common.inc.php file to mode 644 (Linux/Unix) or read-only (NT);

Doing the above four things adds a protective wall around your website. Of course, you should still keep regular backups and apply the patches released by DedeCMS promptly.

Origin http://43.154.161.224:23101/article/api/json?id=325348412&siteId=291194637