OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



htaccess

Are you an Editor, Author, or Journal Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael, vgabler, John

Forum rules
This forum is meant for general questions about the usability of OJS from an everyday user's perspective: journal managers, authors, and editors are welcome to post questions here, as are librarians and other support staff. We welcome general questions about the role of OJS and how the workflow works, as well as specific function- or user-related questions.

What to do if you have general, workflow or usability questions about OJS:

1. Read the documentation. We've written documentation to cover from OJS basics to system administration and code development, and we encourage you to read it.

2. take a look at the tutorials. We will continue to add tutorials covering OJS basics as time goes on.

3. Post a question. Questions are always welcome here, but if it's a technical question you should probably post to the OJS Technical Support subforum; if you have a development question, try the OJS Development subforum.

htaccess

Postby soj » Thu Nov 03, 2005 10:37 am

We have OJC installed in a web-accessible directory. I understand I should create an .htaccess file to secure the installation. However, I confess I'm clueless as to what text should be included therein. Suggestions would be very welcome!

Thanks in advance, soj
soj
 
Posts: 151
Joined: Fri Oct 28, 2005 1:53 pm
Location: Norman OK USA

Postby asmecher » Thu Nov 03, 2005 2:04 pm

Hello Soj,

As long as you've installed OJS with your files directory outside of the reach of the web browser (see config.inc.php, files_dir directive), you should be OK. Without an .htaccess file users will be able to download various OJS data files (e.g. by requesting dbscripts/xml/version.xml through the browser), but nothing of importance will be revealed. Everything that might be private is kept in the files directory or in the database.

Regards,
Alec Smecher
Open Journal Systems Team
asmecher
 
Posts: 8321
Joined: Wed Aug 10, 2005 12:56 pm

htaccess

Postby soj » Thu Nov 03, 2005 2:22 pm

Alec, my thanks for responding yet again. I confess I'm not clear what exactly "out of reach of a web browser" constitutes.

We are using shared hosting and had to upload in the "public_html" directory. The OJS files reside in a folder labeled "ojc". This folder contians the index.php file. At some I will have to point my domain name to the ojs index as well.

May I assume this arrangement suffices?

soj

http://www.ejssm.org/ojs
soj
 
Posts: 151
Joined: Fri Oct 28, 2005 1:53 pm
Location: Norman OK USA

Postby asmecher » Thu Nov 03, 2005 10:13 pm

Hi Soj,

If your files directory is a subdirectory of public_html, your submission files are probably visible to the world.

I'd suggest making the files directory a subdirectory of the directory that *contains* public_html (and updating your config.inc.php so that OJS knows where it's gone); that way the various system files won't be compromised.

Regards,
Alec Smecher
Open Journal Systems Team
asmecher
 
Posts: 8321
Joined: Wed Aug 10, 2005 12:56 pm

Postby soj » Thu Nov 03, 2005 10:46 pm

Alec thanks! I've tested and it seems the whole install is visible. I know just how to do what you have suggested. Any other security measures I should put in place? Would adding an index to the each of the rest of the directories mess up the system?

Again, many thanks! soj
soj
 
Posts: 151
Joined: Fri Oct 28, 2005 1:53 pm
Location: Norman OK USA

Postby asmecher » Tue Jan 03, 2006 2:15 pm

Hi Soj,

Most users running OJS 2 are running as you are -- directory listings are often available of the source code, etc. However, all PHP includes are structured so that nothing critical is exposed; nothing is a security risk (beyond exposing, for example, what version of OJS you're running).

Regards,
Alec Smecher
Open Journal Systems Team
asmecher
 
Posts: 8321
Joined: Wed Aug 10, 2005 12:56 pm


Return to OJS Editorial Support and Discussion

Who is online

Users browsing this forum: Google [Bot] and 4 guests