MegaPixel
Active member
Evening all,
I've been working on Xenforo and have been unable to find any solid answers on a few points I'm unsure about, is there anyone that could possibly advise?
Specs
Xenforo 2
Using Ubuntu
Apache2
Folder Permissions
I've found some threads relating to setting permissions for /data and /internal_data with a few different suggestions. At the moment I've set them both to 0755 (if this is something you may advise against, do you have any other suggestions?). Alternatively, I've not had much luck (not sure if I've overlooked anything) finding if the other folders need any other permissions? I.e. /src /js /library /styles. Is there any recommendations for these to maximise security for my forum? Additionally, the same question goes for files in my directory (admin.php, cmd.php,css.php, etc). Is there any recommended permission sets for that?
Forum Analytics
I've contemplated requesting an addon to help us manage the forum analytics side of my forum and have it on-site, but this seemed costly given what we'd use it for. So my alternative idea was to set up Excel to pull through MySQL Data through queries (This is something I'm more used to doing as I do something similiar for my work but using MS SQL Studio). I did a bit of playing around and got this to work but disabled remote connection once finished. My worry with pulling MySQL data onto excel to help me with analytics and information for my forum is security. Is there any specific security threat that using remote connection could cause, and pulling it to Excel?
I had an account made for this with "Select" only permissions. Alternatively, is there a way I can make this more secure or is it just not a recommended route?
Kind Regards,
Jamie
I've been working on Xenforo and have been unable to find any solid answers on a few points I'm unsure about, is there anyone that could possibly advise?
Specs
Xenforo 2
Using Ubuntu
Apache2
Folder Permissions
I've found some threads relating to setting permissions for /data and /internal_data with a few different suggestions. At the moment I've set them both to 0755 (if this is something you may advise against, do you have any other suggestions?). Alternatively, I've not had much luck (not sure if I've overlooked anything) finding if the other folders need any other permissions? I.e. /src /js /library /styles. Is there any recommendations for these to maximise security for my forum? Additionally, the same question goes for files in my directory (admin.php, cmd.php,css.php, etc). Is there any recommended permission sets for that?
Forum Analytics
I've contemplated requesting an addon to help us manage the forum analytics side of my forum and have it on-site, but this seemed costly given what we'd use it for. So my alternative idea was to set up Excel to pull through MySQL Data through queries (This is something I'm more used to doing as I do something similiar for my work but using MS SQL Studio). I did a bit of playing around and got this to work but disabled remote connection once finished. My worry with pulling MySQL data onto excel to help me with analytics and information for my forum is security. Is there any specific security threat that using remote connection could cause, and pulling it to Excel?
I had an account made for this with "Select" only permissions. Alternatively, is there a way I can make this more secure or is it just not a recommended route?
Kind Regards,
Jamie
