Change HTTP to HTTPS?
Anti-Spam plug-ins?
Do I have to worry about MySQL injections?
Something else?
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
Securing Oxwall with no sign-in | Forum
Kimmo
Dec 29 '15
What do I have to do to make Oxwall safe as possible, and have access to most of the stuff without sign-in?
Change HTTP to HTTPS?
Anti-Spam plug-ins?
Do I have to worry about MySQL injections?
Change HTTP to HTTPS?
Anti-Spam plug-ins?
Do I have to worry about MySQL injections?
Tecca
Dec 29 '15
Fields should be sanitized, so SQL injections are unlikely through sign-in forms. HTTP to HTTPS is always good for security and keeping passwords protected, and Google loves websites with SSL, so you may even rank higher because of it.
Spam bots are different. Those will simply register to post links, and yes, anti-spam plugins will help with that but spam bots aren't a security risk in general. Just a nuisance.
Is there something specific you're trying to achieve?
Spam bots are different. Those will simply register to post links, and yes, anti-spam plugins will help with that but spam bots aren't a security risk in general. Just a nuisance.
Is there something specific you're trying to achieve?
Kimmo
Dec 30 '15
Main idea is to keep it as easy to maintain as possible. What I'm doing is free access gives about no writing access, so that keeps spam away. Quite possible is a go for https.
Tecca
Dec 30 '15
Yep, then Oxwall should be great out of the box for that case. I'm doing something similar with a site I'm currently developing.
HTTPS is great, I always recommend it -- certs for as cheap as $15 for 3 years or even free p/year depending on where you go.
HTTPS is great, I always recommend it -- certs for as cheap as $15 for 3 years or even free p/year depending on where you go.
