Hi All,
I've searched around the forum and wiki for ages trying to find a definitive answer to this, but not found one yet.
I (like many others) have SugarCRM installed on a shared server and I would like to know the best security settings for the files/folders. All the existing threads talk about CHOWNing the files etc, but don't seem to take into account the issues of shared hosting where you can't do this.
I've just upgraded from 5.0.0a to 5.0.0c, and basically had to CHMOD all files/directories to 777 just to get the upgrade to work. I'm sure I shouldn't leave them like this but I have no idea what the proper permissions should be.
So in the following scenario, what's the best way to secure the site/database?
Shared Linux server
Apache version 2.2.6 (Unix)
MySQL version 4.1.22-standard-log
PHP version 5.2.5
Ability to CHMOD but not CHOWN
Upgrade wizard required permissions of 777 to work (755 wasn't enough)
Most files owned by user (32180 for example) but some owned by 99 and are not deletable (except for some files in cache directory)
Must be accessible to multiple users via the Internet (but obviously not all of Joe Public)
The obvious starting points are
.htaccess file
strong passwords for admin and mySQL database
Use Web Protect to password protect the directory that SugarCRM is in (i.e. public_html/sugarcrm)
use robots.txt to "hide" the directory from SEs
Correct permissions for each file/directory
So, for a shared server environment, can anyone give a straight and simple answer to the following...
Is the standard .htaccess file that SugarCRM provides sufficient, or is there something else I should add?
What are the recommended file permissions for each file/directory? (I assume that 777 is NOT correct for all of them!)
Is there anything else that can be done to secure the installation further?
Thanks in advance for any help!
Cheers
Dave
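An audit-and-tighten script for the post-upgrade 777 situation described above, added here as an example (it is not from the post, SugarCRM, or the hosting provider). It assumes the cache directory is the one that must stay writable, uses the conventional 644/755 baseline rather than a SugarCRM-documented set, and only reports files owned by another uid (such as the post's uid 99), since chmod on those fails without chown:

```shell
#!/bin/sh
# Added example, not from the original post: audit a web root for the
# world-writable files/directories left behind by a blanket chmod 777
# and tighten them to 644 (files) / 755 (directories). Directories named
# in $2 (assumed: the cache directory the post mentions) stay writable.
# Entries owned by another uid cannot be chmod'ed by the site user
# without chown, so they are reported for the host to fix, not changed.

# Print every world-writable file or directory under $1, one per line.
find_world_writable() {
    find "$1" -perm -0002 \( -type f -o -type d \) 2>/dev/null | sort
}

# Tighten permissions under web root $1, keeping the directories listed
# (space-separated, relative to $1) in $2 writable.
# Prints a summary line: fixed=<n> kept=<n> foreign=<n>
harden_webroot() {
    root=$1; keep=${2:-cache}; fixed=0; kept=0; foreign=0
    owner=$(id -un)
    tmp=$(mktemp) || return 1
    find_world_writable "$root" > "$tmp"
    while IFS= read -r p; do
        rel=${p#"$root"/}
        # Report, but do not touch, anything we do not own.
        if [ -n "$(find "$p" -prune ! -user "$owner" -print)" ]; then
            echo "foreign-owned, needs host support: $p" >&2
            foreign=$((foreign + 1)); continue
        fi
        # Leave the allowed writable directories (and their contents) alone.
        for k in $keep; do
            case "$rel" in "$k"|"$k"/*) kept=$((kept + 1)); continue 2 ;; esac
        done
        if [ -d "$p" ]; then chmod 755 "$p"; else chmod 644 "$p"; fi
        fixed=$((fixed + 1))
    done < "$tmp"
    rm -f "$tmp"
    echo "fixed=$fixed kept=$kept foreign=$foreign"
}
```

Run `find_world_writable public_html/sugarcrm` first to see what would change; anything still listed after `harden_webroot` that is not under the kept directory is owned by someone else and needs the host's help.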