I was wondering if there is a list of best practices somewhere for installations on Linux servers from the [U]security[/U] perspecive.
For example, I find letting 777 access to all out/ files and folders opens up the possibility of a attacker defacing the shop by manipulating tags in the oxid.css file.
Appreciate comments from the community.
Regards
Ashant
Hi Ashant,
on most systems, the installation is pretty simple and the shop takes over setting the right permissions for the files. As nowadays we have more and more “restrictive” systems around, I wrote a little concept for a feature request for this:
http://www.oxidforge.org/wiki/465_-_Check_if_files_are_writable_in_installation
Hope to get it implemented soon(ish)