Protecting the install dir during installs and upgrades

Do something cool with CMS? Show us ...
This board is for 'Answers', and the discussion of answers... Not for questions.
Post Reply
vaughnt
Forum Members
Forum Members
Posts: 82
Joined: Tue Jun 13, 2006 2:05 pm

Protecting the install dir during installs and upgrades

Post by vaughnt »

On occasion we all end up having to work on a live site. One thing that has bothered me about this situation is that for a bit during installs and upgrades, the general public has access to the install scripts (on installs, it pops up by default, on upgrades you'd have to know what to type). This post describes a simple solution. Note: this only works on webservers that utilize .htaccess files, like Apache.

What I did is after untarring the CMSMS install files, I created a file called .htaccess in the /cmsmadesimple-1.2.3/install/  directory, with the following contents:

Code: Select all

AuthName "Installdir"
AuthType Basic
AuthUserFile /home/mydir/installprotection/.htpasswd
Require valid-user
I then changed to /home/mydir/installprotection/ and created a blank file called .htpasswd and saved it. I then issued the command:

Code: Select all

htpasswd username
which then prompts me to enter a password for "username". Enter it twice, it writes the auth info to the file.

Now, whenever I copy the install files to make a new website, the install dir is always password protected, disallowing the public or the nefarious from messing up my installs/upgrades.

This probably seems like really basic stuff to some of you, but others may find it helpful.  It's a simple thing you can do to be more secure.
--
My photography: http://vaughnsphotoart.com
Festiva Resorts: http://www.festiva.travel
Top
Post Reply

Return to “Tips and Tricks”