Talk:Security

From Dokeos

Jump to: navigation, search

http://www.dokeos.com/doc/installation_guide.html

  • The installation manual still gives some unsecure directions:
    • putting directory permissions at 777 (which does not at all seem necessary). Is there a reason for this? If yes: what reason, if no: maybe the doc should change?
    • putting memory_limit = 256M , this is an absurdly high value! Don't forget this means 256 per client, 40 clients at this max would already consume at least 10G of memory which would suffocate a lot of systems.
  • Issue FS#2151 (remote PHP upload and execution) :
    • It seems a bit unsecure that there is still a need for direct links here, the "courses" directories shouldn't be accessible via the web server itself. Patching this (to eliminate the need for direct links) is not that hard, there could just be a problem with existing documents.
Retrieved from "http://www.dokeos.com/wiki/index.php/Talk:Security"
Personal tools