View Full Version : IMPORTANT


Pekka
31st of October 2003 (Fri), 10:45
1. DO NOT POST ADDRESS TO YOUR INPUT FOLDER IN ANY PUBLIC FORUM

By getting access to your input folder people can get your ftp passes, system info and other data for hacking into your server.

2. RENAME YOUR INPUT FOLDER

By keeping input folder "input" you will open the door for everyone who has installed EE. Rename your input folder to something only you know.

3. DO NOT USE ANYTHING UNDER YOUR INPUT FOLDER (UPLOAD FOLDER) AS IMAGE PATH

If you do this, it will reveal your input folder in html source code on public pages.

Scho
31st of October 2003 (Fri), 12:05
Access to my input folder requires a login and password. Should I also change the name of the folder and can this be done without having to also modify references in php files?

Pekka
31st of October 2003 (Fri), 15:14
Scho wrote:
Access to my input folder requires a login and password. Should I also change the name of the folder and can this be done without having to also modify references in php files?

Yes, it is always a good idea to change input folder to something that you only know, even when it is protected by server user/pass methods.

Because ftp passes are now for convenience in input folder html code (and not in e.g. php configuration file like fetchsettings.php) along with full access to gallery editing and EE Backup, the input file should be protected as well as you protect your PC from external access.

EE does not really care about name of input folder, and by changing toroot.php in all levels under input folder you can place it anywhere in your www filestructure. Note that this will affect relative thumb paths, too. I have not tested _everything_ with moved input folder, but I see no reason for it NOT to work. The toroot.php in input folder contains only one line which should contain relative path to gallery root.

I see no point giving hackers a chance to try out entry by guessing passes - they will know that EE's default admin folder is "input" so first thing is to change it to something with at least 8 letters (some additional numbers in between will make it very much more difficult to guess or have a robot guess it by brute force algorithms).
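
A check for point 3 in the first post, added here as an example and not part of the original thread or of EE: it parses a public gallery page and reports every same-site reference that resolves inside the renamed input folder. The folder name `k3xq9input`, the host `gallery.example`, the function name and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin, urlsplit

# Attributes that carry a URL and therefore show up in public page source.
URL_ATTRS = {"src", "href", "action", "background"}

class _RefCollector(HTMLParser):
    """Collects (tag, attribute value) pairs for URL-bearing attributes."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.refs.append((tag, value))

def find_admin_folder_leaks(html, page_url, admin_folder):
    """Return (tag, raw value, resolved path) for each reference on the page
    that resolves to a location inside admin_folder on the same host."""
    prefix = "/" + admin_folder.strip("/") + "/"
    site = urlsplit(page_url).netloc
    collector = _RefCollector()
    collector.feed(html)
    leaks = []
    for tag, raw in collector.refs:
        # Resolve relative paths such as "../folder/x.jpg" against the page URL.
        target = urlsplit(urljoin(page_url, raw))
        if target.netloc != site:
            continue  # a link to another host does not expose our folder
        path = "/" + unquote(target.path).lstrip("/")
        if (path + "/").startswith(prefix):
            leaks.append((tag, raw, path))
    return leaks

# Constructed sample page: two references leak the folder, two do not.
SAMPLE_HTML = """
<body background="/k3xq9input/upload/bg.gif">
<img src="../k3xq9input/upload/header.jpg">
<img src="thumbs/img_001.jpg">
<a href="http://other.example/k3xq9input/">elsewhere</a>
</body>
"""

if __name__ == "__main__":
    page = "http://gallery.example/album1/index.html"
    for tag, raw, path in find_admin_folder_leaks(SAMPLE_HTML, page, "k3xq9input"):
        print(f"<{tag}> {raw!r} exposes {path}")
```

Run it over each generated public page after changing image paths; an empty result means the folder name does not appear in any URL attribute of that page.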