We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

ow_userfiles | Forum

Topic location: Forum home » Support » General Questions
Pages: 1 2 »
AppXprt
AppXprt Jan 1 '20
Any solutions for protecting ow_userfiles against everyone except the intended / owning user?
#1
AppXprt
AppXprt Jan 6 '20
No one has any ideas on how to protect user files?!
The Forum post is edited by AppXprt Jan 6 '20
#2
OW-Ghost
OW-Ghost Jan 6 '20
I think to encrypt folder and files only way


dont ask me how to transfer that in coding but i think not impossible if you put effort on doing it

The Forum post is edited by OW-Ghost Jan 6 '20
#3
AppXprt
AppXprt Jan 12 '20
Please, lets come up with a solution for this and the CSRF issues!
#4
OW-Ghost
OW-Ghost Jan 12 '20
encryption only way....but to encrypt open source is impossible to do then the core no longer open source


i can encrypt folders on my google server platform if i want to do....but will that working ....never test it fully

The Forum post is edited by OW-Ghost Jan 12 '20
#5
OW-Ghost
OW-Ghost Jan 14 '20
What about CSRF issue can you tell more about that issue?
#6
AppXprt
AppXprt Jan 14 '20
Yes Sir, it was discovered by a security team a few years ago:
https://developers.oxwall.com/forum/topic/55811

as well as this Stored XSS:
https://developers.oxwall.com/forum/topic/55761


Hope this helps! :-)

#7
OW-Ghost
OW-Ghost Jan 15 '20
Looks no good at all. Why is nobody take this security issues seriously? We need fix for all this things that you bring up.
#8
OW-Ghost
OW-Ghost Jul 14 '20
i think it is all folders that have 777 permission that need bee protected not only one folder? or im wrong  now?


i working on SEO now very hard. when i feel SEO start bee good my next step will bee fix security issues.


is there not one people that have any good advice how to protect oxwall software?


I think many is skilled developers here that have server skills too not only code skills?

The Forum post is edited by OW-Ghost Jul 14 '20
#9
dave Leader
dave Jul 15 '20

There are several things you can do to help secure your server even if Oxwall is not perfect yet. 


If you have a dedicated server and running cpanel and apache:


1. Install configserver firewall    configserver.com/   its free


2. Install kernel care    (if i remember its less than $5 per month)  - its a hassle free option to keep your kernel updated.  But remember if you update the kernel you might break Oxwall.


3. Be sure you have cpHulk set up and running.


4. Set ServerTokens Prod - this is a main server config file option only, it cannot be done in htaccess.   ServerTokens Prod


Some other things you can do shared or dedi server:


A. Set ServerSignature Off via htaccess or main config file:   ServerSignaturre Off


B. Dont use the same password for all your emails or all your important logins, and make your passwords 13+ chars long.


For Oxwall:


Move your template_c folder above your public html.


https://developers.oxwall.com/forum/topic/64738








#10
kennedystewart
kennedystewart Jun 28 '22
Become a professional driver. Drive your way. The newly released Drift Boss adds an extremely attractive drift 3 game, join now to experience more new games that are continuously updated every day
#11
john deep
john deep Sep 7 '22
I am thrilled to have this  wordle nyt online journal. It's a significant subject. With its support, I was able to handle a few issues. Its odds are excellent, and it operates quickly.
#12
Donte Vancooten
Donte Vancooten Feb 10 '23
Mitsuya Earrings
#13
Henry bounse
Henry bounse Jul 4 '23
The blog has brilliantly highlighted the often underrated benefits of a good mattress on our overall health and well-being. It's not just about the number of hours we sleep but also the quality of that sleep visit, click for more info, Use this website, click to read more, find more info
#14
Qhaaf Bedding
Qhaaf Bedding Aug 16 '23
Don't miss the Qhaaf Bedding sale on bed sheets! Upgrade your bedding collection with their premium options at unbeatable prices. Visit Qhaaf and grab your favorite bed sheets now.
#15
Mannat Clothing
Mannat Clothing Aug 16 '23
Mannat Clothing presents chic black suit design for girls, combining style and sophistication in one stunning outfit.
#16
Bagerz Bags
Bagerz Bags Aug 16 '23
Bagerz brings you a captivating range of khussa shoes. Explore our online collection and find the perfect khussa design for girls that combines tradition with modern style.
#17
Panache Apparel
Panache Apparel Aug 17 '23
Discover the latest western clothing Pakistan at Panache Apparel. Shop online and enjoy the convenience of stylish fashion delivered to your doorstep.
#18
Aspire Bedding
Aspire Bedding Aug 17 '23
For the best selection of duvet covers Pakistan, choose Aspire Bedding and enjoy a range of designs and sizes to fit your needs.
#19
kalvindarwan
kalvindarwan Dec 20 '23
There are sometimes, however, where you might just need some concrete refinishing or resurfacing. There are sometimes, however, where you might just need some concrete refinishing or resurfacing. San Clemente Concrete Pros
#20
Pages: 1 2 »
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software