OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



htaccess

Are you an Editor, Author, or Journal Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael, vgabler, John

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.

htaccess

Postby soj » Thu Nov 03, 2005 10:37 am

We have OJC installed in a web-accessible directory. I understand I should create an .htaccess file to secure the installation. However, I confess I'm clueless as to what text should be included therein. Suggestions would be very welcome!

Thanks in advance, soj
soj
 
Posts: 151
Joined: Fri Oct 28, 2005 1:53 pm
Location: Norman OK USA

Postby asmecher » Thu Nov 03, 2005 2:04 pm

Hello Soj,

As long as you've installed OJS with your files directory outside of the reach of the web browser (see config.inc.php, files_dir directive), you should be OK. Without an .htaccess file users will be able to download various OJS data files (e.g. by requesting dbscripts/xml/version.xml through the browser), but nothing of importance will be revealed. Everything that might be private is kept in the files directory or in the database.

Regards,
Alec Smecher
Open Journal Systems Team
asmecher
 
Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

htaccess

Postby soj » Thu Nov 03, 2005 2:22 pm

Alec, my thanks for responding yet again. I confess I'm not clear what exactly "out of reach of a web browser" constitutes.

We are using shared hosting and had to upload in the "public_html" directory. The OJS files reside in a folder labeled "ojc". This folder contians the index.php file. At some I will have to point my domain name to the ojs index as well.

May I assume this arrangement suffices?

soj

http://www.ejssm.org/ojs
soj
 
Posts: 151
Joined: Fri Oct 28, 2005 1:53 pm
Location: Norman OK USA

Postby asmecher » Thu Nov 03, 2005 10:13 pm

Hi Soj,

If your files directory is a subdirectory of public_html, your submission files are probably visible to the world.

I'd suggest making the files directory a subdirectory of the directory that *contains* public_html (and updating your config.inc.php so that OJS knows where it's gone); that way the various system files won't be compromised.

Regards,
Alec Smecher
Open Journal Systems Team
asmecher
 
Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

Postby soj » Thu Nov 03, 2005 10:46 pm

Alec thanks! I've tested and it seems the whole install is visible. I know just how to do what you have suggested. Any other security measures I should put in place? Would adding an index to the each of the rest of the directories mess up the system?

Again, many thanks! soj
soj
 
Posts: 151
Joined: Fri Oct 28, 2005 1:53 pm
Location: Norman OK USA

Postby asmecher » Tue Jan 03, 2006 2:15 pm

Hi Soj,

Most users running OJS 2 are running as you are -- directory listings are often available of the source code, etc. However, all PHP includes are structured so that nothing critical is exposed; nothing is a security risk (beyond exposing, for example, what version of OJS you're running).

Regards,
Alec Smecher
Open Journal Systems Team
asmecher
 
Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm


Return to OJS Editorial Support and Discussion

Who is online

Users browsing this forum: No registered users and 3 guests