Pekka
8th of October 2006 (Sun), 19:40
I've been into many EE 2 installations for support reasons, and surprisingly many have had lots of red in the install check page.
Obey the "Install check"!
Above three in REDs are most important to fix right away. Having such settings will compromise your EE security. Allow_url_fopen may be on for some reasons, but never with register_globals = "on".
Change default login
Many also keep the default admin username and pass, which is the same as an invitation to the editor. EE does warn you on every page about default passes - trust it means something!
Hide your test sites
And if you test EE 2 for your site, it does not take much to guess your test folder if it is "EE" or "gallery". With the above omissions to security it will mean a malicious person can get in and steal your ftp pass, see your personal images, get your database login info etc.
TAKE SECURITY SERIOUSLY!
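An added example, not part of Pekka's post and not EE's own install check: a small auditor that reads php.ini text and flags the two directives the post names, including the combination it says must never be used. The function names and both sample files are constructed for illustration; directives missing from the file are assumed to take PHP's built-in defaults (register_globals off, allow_url_fopen on).

```python
# Added example: audit php.ini text for register_globals / allow_url_fopen.
# Directives absent from the file fall back to PHP's built-in defaults.
PHP_DEFAULTS = {"register_globals": "0", "allow_url_fopen": "1"}


def parse_php_ini(text):
    """Return the effective value of each audited directive (last entry wins)."""
    settings = dict(PHP_DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue                             # blank, section header, or no value
        key, value = (part.strip() for part in line.split("=", 1))
        if key in settings:                      # directive names are case-sensitive
            settings[key] = value.strip("\"'")
    return settings


def is_on(value):
    """PHP treats on/yes/true and any non-zero number as enabled."""
    v = value.strip().lower()
    return v in ("on", "yes", "true") or (v.isdigit() and int(v) != 0)


def audit(text):
    """Return a list of findings; an empty list means nothing to fix."""
    s = parse_php_ini(text)
    globals_on = is_on(s["register_globals"])
    fopen_on = is_on(s["allow_url_fopen"])
    findings = []
    if globals_on:
        findings.append("register_globals is on: turn it off")
    if globals_on and fopen_on:
        findings.append("allow_url_fopen is on together with register_globals")
    return findings


# Constructed sample files, not taken from any real installation.
WEAK_INI = """[PHP]
register_globals = On   ; legacy setting
allow_url_fopen = On
"""
FIXED_INI = """[PHP]
register_globals = Off
; allow_url_fopen left at its default (on) for a feature that needs it
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("fixed", FIXED_INI)):
        print(name, audit(ini) or "no findings")
```

This reads only the file text, so settings overridden per directory or at runtime still need to be confirmed on the install check page itself.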