Talk:Gallery2:Security - Gallery Codex
Personal tools

Talk:Gallery2:Security

From Gallery Codex

Revision as of 16:39, 15 March 2009 by Wagonlips (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
  • Add a note about cookie path / domains
  • add a note about phishing attacks
  • add a note about what measures G2 already implements for security

Security / .htaccess code

You can "Allow from xxx.xxx.xxx.xxx" (where xxx.xxx.xxx.xxx = some IP) to the below code in .htaccess thereby permitting access for the owner and others as needed.

<Files ~ "\.(inc|class)$"> Deny from all </Files>

becomes:

<Files ~ "\.(inc|class)$"> Deny from all Allow from xxx.xxx.xxx.xxx </Files>

You can add multiple IPs separated by "," e.g.

Allow from xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx

openbase_dir settings

Something that was not clear to me, I had to add the folder locations of the ImageMagick, NetPBM and ffmpeg binaries. example: openbase_dir = /web/gallery/folder/:/web/g2data:/usr/bin

Special:Version

I see you have even wiped the version off Special:Version.

I wouldn't bother, it is available even in the HTML source of that very page! Jidanni 04:12, 11 March 2009 (UTC)

advertisements