Securing Gallery2
Submitted by erichagstrom on Tue, 01/29/2008 - 4:10pm.
I run Gallery 2 for my picture gallery, and recently decided it was time to lock her down. What I have done follows.

Background
* PHP Version 5.2.4
* Windows Web Edition 2003 with IIS 6
* Gallery 2.1.2
* MySQL 5.0.45

Security Settings

Website Properties
Website Tab:
* Enable HTTP Keep-Alives
* Enable Logging
Home Directory Tab:
* Read and Log Visits only
* Application Name = (App specific name)
* Execute Permissions = Scripts Only
* Application Pool = (Separate Pool)
Documents Tab:
* index.php is only default content page
Directory Security Tab:
* Enable Anonymous Access: enabled
* Created local user (SERVER\anon) and placed it in guest group. Used this user as Anonymous User on site.

NTFS Permissions
Website Root
* Local Administrators = Full Control
* SERVER\anon = Read and Execute
* System = Full Control (not sure the total ramifications for pulling this access, and what exploit is possible by leaving it...todo)
config.php
* Inherited permissions
* Read Only
g2data folder
* Local Administrators = Full Control
* Folder is one level above Website Root

From the Gallery pages
* Read+Write+Execute for g2data and its subfolders
* Read+Write for all files in g2data and the files in its subfolders (update...requires Modify NTFS perms)
* Read+Execute for gallery2 folder and its subfolders
* Read for all files in gallery2 and the files in its subfolders
* Read+Execute for the binaries and the folder the binaries are in (imagemagick, netpbm, ffmpeg, dcraw, unzip, zip, ...)
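
As an added example (not from the original post or the Gallery documentation), the PowerShell below applies the list above as explicit NTFS ACEs, using inheritance flags to give folders Read+Execute while files get Read only. Only SERVER\anon comes from the post; every path, the helper function names and the use of Get-Acl/Set-Acl are assumptions.

```powershell
# Added example: the account name is from the post, all paths are hypothetical.
$Anon    = 'SERVER\anon'
$WebRoot = 'D:\web\gallery2'       # website root (hypothetical path)
$G2Data  = 'D:\web\g2data'         # beside the website root, not served by IIS (hypothetical path)
$BinDir  = 'D:\tools\imagemagick'  # external binaries folder (hypothetical path)

# Hypothetical helper: builds one Allow ACE from string names of the .NET enums.
function New-AllowRule([string]$Identity, [string]$Rights, [string]$Inherit, [string]$Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $Identity, $Rights, $Inherit, $Propagate, 'Allow'
}

# Hypothetical helper: replaces the ACL on $Path with exactly the rules given.
function Set-ExplicitAcl([string]$Path, [object[]]$Rules) {
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting from the parent, discard inherited ACEs
    foreach ($old in @($acl.Access)) { [void]$acl.RemoveAccessRule($old) }   # drop existing explicit ACEs
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path $Path -AclObject $acl           # children that still inherit pick the new ACEs up
}

$admins = New-AllowRule 'BUILTIN\Administrators' 'FullControl' 'ContainerInherit,ObjectInherit' 'None'
$system = New-AllowRule 'NT AUTHORITY\SYSTEM'    'FullControl' 'ContainerInherit,ObjectInherit' 'None'

# gallery2: Read+Execute on the folder and subfolders, Read on files.
# ContainerInherit alone reaches only folders; ObjectInherit + InheritOnly reaches only files.
# config.php keeps inherited permissions, so it receives the file ACE (Read) from here.
Set-ExplicitAcl $WebRoot @(
    $admins, $system,
    (New-AllowRule $Anon 'ReadAndExecute' 'ContainerInherit' 'None'),
    (New-AllowRule $Anon 'Read'           'ObjectInherit'    'InheritOnly')
)

# g2data: the post notes that Read+Write was not enough and Modify is required.
# The post lists only Local Administrators besides the web user for this folder.
Set-ExplicitAcl $G2Data @(
    $admins,
    (New-AllowRule $Anon 'Modify' 'ContainerInherit,ObjectInherit' 'None')
)

# Binaries (imagemagick, netpbm, ...): Read+Execute on the folder and its files.
Set-ExplicitAcl $BinDir @(
    $admins, $system,
    (New-AllowRule $Anon 'ReadAndExecute' 'ContainerInherit,ObjectInherit' 'None')
)

# Review the result before putting the site back online.
(Get-Acl $WebRoot).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

Files or folders that already carry their own non-inherited ACEs are not changed by this and need to be checked separately.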