
[Advice Needed] - How to Secure Oxwall - htaccess/sql ? | Forum

Alia (Team) Sep 13 '12

Dear Steffen, in the case with Open, the admin password was cracked by brute force (since admin cookies were stolen). It is not possible to access the database directly via HTML widgets just using HTML code, since HTML doesn't execute MySQL queries.

It is very important to remember that a more sophisticated admin password decreases the risk of the admin account being hacked.

Also, for security purposes, it is better to turn off the ability for users to add custom HTML/JavaScript code, since a universal method for identifying malicious code doesn't exist. Oxwall cuts out the most popular malicious code, and we always improve this system. However, right now it is not possible to be 100% protected from XSS.

Nikhil Shukl Oct 22 '13
Hi all...

Recently I needed to change my default htaccess file (after migrating my hosting to Arvixe).

I added this line to my htaccess:

"RewriteRule ^SubDirName/(.*)$ /$1 [L,R=301]"

Everything is working fine now. But, from the security perspective, I want to know whether this is the correct place to write it in the htaccess file. Below is my htaccess file (default by Oxwall, except my line).

-------------------
AddHandler application/x-httpd-php52 .php .php5 .php4 .php3
Options +FollowSymLinks
RewriteEngine On

AddEncoding gzip .gz
AddEncoding gzip .gzip
<FilesMatch "\.(js.gz|js.gzip)$">
  ForceType text/javascript
</FilesMatch>
<FilesMatch "\.(css.gz|css.gzip)$">
  ForceType text/css
</FilesMatch>


# I added the line below to the file.
RewriteRule ^st/(.*)$ /$1 [L,R=301]

RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_URI} !/ow_updates/index\.php
RewriteCond %{REQUEST_URI} !/ow_updates/
RewriteCond %{REQUEST_URI} !/ow_cron/run\.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.xml|\.feed|robots\.txt|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
-------------------
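
The placement question in the post above, worked through as an added example (not part of the original post and not Oxwall code): a simplified single-pass Python model of the posted rules, showing that the `st/` redirect only fires when it sits before the front-controller catch-all. The rule dictionaries, `evaluate` and the sample URIs are constructed for illustration; real mod_rewrite also re-runs the rules after an internal rewrite, which this model omits.

```python
import re

# Constructed model of the rules in the posted .htaccess. In per-directory
# context the leading "/" is stripped before RewriteRule patterns are matched.
REDIRECT = {"pattern": r"^st/(.*)$", "subst": r"/\1",
            "flags": {"L", "R=301"}, "conds": []}
FRONT_CONTROLLER = {
    "pattern": r"(.*)", "subst": "index.php", "flags": set(),
    # (regex, negated, case-insensitive), each tested against REQUEST_URI
    "conds": [
        (r"^/index\.php", True, False),
        (r"/ow_updates/index\.php", True, False),
        (r"/ow_updates/", True, False),
        (r"/ow_cron/run\.php", True, False),
        (r"(/|\.php|\.html|\.htm|\.xml|\.feed|robots\.txt|\.raw|/[^.]*)$",
         False, True),
    ],
}
POSTED = [REDIRECT, FRONT_CONTROLLER]      # order used in the post
REORDERED = [FRONT_CONTROLLER, REDIRECT]   # redirect moved below the catch-all


def evaluate(request_uri, rules):
    """Return ("redirect", status, location), ("rewrite", path) or ("pass", path)."""
    path = request_uri.lstrip("/")
    rewritten = False
    for rule in rules:
        match = re.search(rule["pattern"], path)
        if not match:
            continue
        # RewriteCond lines guard only the RewriteRule that directly follows them.
        conds_ok = all(
            bool(re.search(rx, request_uri, re.I if nc else 0)) != negated
            for rx, negated, nc in rule["conds"])
        if not conds_ok:
            continue
        path = match.expand(rule["subst"])
        rewritten = True
        status = next((f[2:] for f in rule["flags"] if f.startswith("R=")), None)
        if status:                 # [R=301] together with [L]: answer with a redirect
            return ("redirect", int(status), path)
        if "L" in rule["flags"]:   # [L] ends this pass over the rules
            break
    return ("rewrite", path) if rewritten else ("pass", path)


if __name__ == "__main__":
    for uri in ("/st/photo/1", "/photo/1", "/ow_cron/run.php", "/ow_static/logo.png"):
        print(uri, evaluate(uri, POSTED), evaluate(uri, REORDERED))
```
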
SS May 30 '14
I had the same issue with my website. One of the users spent a few hours on my website as a user; after that he was logged in as admin and he posted from the admin user. This website has a security hole.
Pete May 30 '14

Here is everything you need to know about htaccess


http://www.askapache.com/htaccess/htaccess.html

ross (Team) Jun 2 '14
I'm sorry Mxubair, do you mean he logged in to the admin panel and made a post as an admin user?