If Perl or other script languages are also allowed on this webserver, your Gallery 2 is still insecure from attacks from other customers or from vulnerabilities of other web-scripts on this server. You should also make sure that a possible vulnerability in Gallery 2 cannot escalate further than necessary.
Gallery 2 was written with security in mind. Nevertheless, security vulnerabilities have already been discovered in Gallery 2 all known issues are fixed.
You should make it as hard as possible for visitors of your site to find out the version of your Gallery 2 since once the attacker knows the version of your Gallery 2, it's clear if the Gallery 2 installation is still vulnerable to older exploits. Say you have the exact version string on your frontpage, then an attacker can just use google to find a list of vulnerable installations, including yours.
If you can list all of the modules installed on your system, then Apache is listing directories. Notice though that the more errors you suppress the harder it is to diagnose a real problem. A shared webserver that runs all PHP scripts under the same generic user and not under the specific account's user can only be secured in a limited way. If you don't see php-cgi or php-fastcgi as Server API in your info. Reality check : Most shared webhosting plans fall into the above category and we hear from incidents like a Gallery 2 that was somehow deleted over night only very rarely, maybe once a year.
So it isn't as bad as it sounds. The chance being on a webhost with a malicious customer should be really small. The purpose of this section is just to clarify that your webhost actually may not be as secure as you thought. You should at least ask your webhost to change the situation asking wouldn't hurt and it would signal a general need for a secure webhosting environment.
And a smaller percentage in the lower to middle price class actually offers php-cgi based webhosting. Possible issues:.
SELinux doesn't work with Gallery 2 if not configured properly. It needs special configuration, see Known Issues.
No, these folders don't need to be deleted. But you can delete them, Gallery 2 will still work even when they are deleted. Extract the files from the archive into a temporary directory on your hard drive. If you use Windows, you may need to use WinZip to extract the files. There will be a directory called gallery2 which contain all the files for the gallery. Log into your CGI server and create a directory for your gallery.
For this tutorial, we will use a directory called gallery2. Upload all the files from the archive's gallery2 directory to the new directory on your CGI server. Note that this can take some time as there are a lot of files to upload, espeicially if you opted to install the Full Package version. Be sure you are in the new directory on your CGI server. Create a directory inside your gallery2 directory called g2data and change the directory's permissions to Leave the Language setting at default English US.
Due to Safe Mode Restrictions, it may not be possible to change the language. Click the Begin Installtion link. Copy the bold stream of characters from the intallation page into the text editor and save this file as login.
Upload this text file to your Gallery2 directory. Do not click on the correct version of login. You must do this step manually. As we do an installation for the Gallery2 codebase, we choose for a standard installation. Step 4 within the Gallery2 installer, guides you to set the right permissions for the g2data folder.
The next screen confirms that we have successfully setup the storage directory for Gallery2. Step 5 within the Gallery2 installer, guides you to set up your database correctly. Step 6 within the Gallery2 installer, is a form to define the administrator of Gallery2.
If the Administrator for Gallery2 has been setup successfully, this will be confirmed. Step 7 within the Gallery2 installer guides you to create a config file. Make this config. If the Gallery2 Codebase has been created successfully, it will be confirmed. At step 9 within the Gallery2 installer, you can select which modules you want to have installed.
At step 10 within the Gallery installer we have to set the right permissions. Read the instructions on the screen. Thanks for the excelent howto Hans. One remark though. This feature is only available to subscribers. Get your subscription here.
0コメント