
Sphider security

Posted: Sat Nov 24, 2018 12:15 am
by captquirk
If your installation of Sphider is on a Linux-based machine, it is highly recommended to password-protect the admin directory. How this can be done depends on your host. In some cases, it can be done simply by modifying the .htaccess file and creating a .htpasswd file. Most likely, most hosts will ignore that and the directory will need to be protected from their control panel.

Another thing to remember: if you access the admin folder without SSL (http and not https), your user name and password could be intercepted. SSL is NEVER a bad idea!

One additional precaution you can take, security-wise, is to move database.php off the web entirely. "$_SERVER['DOCUMENT_ROOT']" is the root of your web server. Move database.php to the folder just above root. That way, no matter what, no one will ever be able to access that file. If you do this, you will need to alter the path to database.php in three places. Edit search.php, auth.php, and suggest.php to provide the new path.
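
The .htaccess approach from the post, as an added example that is not part of the original post or of Sphider itself: it password-protects the admin directory, refuses plain-HTTP requests before any login prompt is issued, and keeps the .htpasswd file above the web root in the same way as database.php. It assumes Apache 2.4 on a host that honours .htaccess overrides; the paths, realm name and user name are placeholders.

```apache
# admin/.htaccess  (constructed example; every path and name is a placeholder)
#
# Create the password file OUTSIDE the web root first, for example:
#   htpasswd -c -B /home/youruser/.htpasswd adminuser
# (-c creates the file, -B stores the password as a bcrypt hash)

AuthType Basic
AuthName "Sphider admin"
# Absolute filesystem path, one level above DOCUMENT_ROOT, so the
# password hashes can never be fetched through the web server.
AuthUserFile "/home/youruser/.htpasswd"

# Plain-HTTP requests are refused with 403 and no login prompt, so the
# browser is never asked to send credentials over an unencrypted link.
<If "%{HTTPS} != 'on'">
    Require all denied
</If>
<Else>
    # Over HTTPS, any user listed in the password file may log in.
    Require valid-user
</Else>
```

If a request to the admin directory over http:// still shows a login prompt after this file is in place, the host is ignoring the override and the control-panel protection mentioned in the post is needed instead.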