I was wondering what the recommended security precautions are for EE?
Some issues are outlined in the clean install, but I thought I'd put this out to the group.

TIA for any input.

-Doug

In php.ini:

register_globals = off

It is always best to use the latest versions of PHP and MySQL (MySQL 4 is very recommended, not 4.1 yet), especially PHP contains plenty of security fixes.

In EE the most important security action is: rename input folder to something else and change editor username and pass in misc settings.

In EE the most important security action is: rename input folder to something else and change editor username and pass in misc settings.

As an alternative to renaming the folder one can also put a .htaccess file in place when using apache. The .htaccess can then limit access to a specific ip.

Thanks!

Just wanting to make sure.... :-)

You can also password-protect the input directory. So you have to go through two logins. If you use .htaccess, it's even more secure. However, .htacess won't work if your ISP gives you a dynamic IP.