SyndeoCMS Content management system for primary schools

Thursday, 14 December 2017
 
 

Security

The SyndeoCMS team takes security very seriously.
This page is an effort to give a checklist on security issues.

Security can be divided into several parts:

1. The program itself should be secure. We did our very best to create a secure CMS and we monitor this on a continuous basis.
Always use the latest version of SyndeoCMS; it can be found on SourceForge.

2. Several issues need to be addressed at or after the installation of SyndeoCMS:

| What | Best option | Where to check | More information |
|---|---|---|---|
| Content of starnet/install | delete after installation | Via ftp | See installation latest step |
| File permissions (linux) | See here | Use a FTP program like Filezilla or use SSH to go to your site. | See a very good explanation on the Wordpress site |
| File ownership (linux) | media and studentpages should have "apache" user as owner | use telnet or SSH to go to your site | |
| register_globals in php.ini | should be set to OFF | php.ini or ask provider | run syndeo_check.php |
| allow_url_fopen in php.ini | should be set to OFF | php.ini or ask provider | run syndeo_check.php |
| .htaccess files for media and studentpages directory | See for an example here | Will be included in the next syndeocms version. | See a very good explanation on the Wordpress site |
| Error messages from system | Be sure to fill in your email address in the logging tool | See Tools -> Logging -> Configuration | Be sure you investigate error messages, they may indicate hackers trying to access the system. |


3. Human behaviour.
Don't forget your own users of the site; don't give them more authorizations than needed.

| What | Best option |
|---|---|
| System administrator | Normally you have only one person (maybe one for backup) who has all the rights in the system; see configuration -> users here. |
| Admin users | These users typically have access to pagemanager, filemanager and modules. There is no need to give them access to the configuration settings of the CMS. |
| User names | Try to avoid user names which can be guessed easily, such as "admin" or "system". |
| Passwords | Preferably, passwords have 6 characters or longer and mix numbers and characters. If you can remember it, add a special character like $, #, _ etc. |
| New users | If you create new users, let them change their password at the first login. |
| Allowable file extensions on site | Do not allow users to add file extensions which can be executed, like PHP, ASP, CGI etc. in the "Valid file extensions" table. So the "Working environment" is typically only for System administrators. |
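
The installation checks in part 2, together with the executable-extension rule in part 3, can be run over SSH in one pass. The script below is an added example, not part of SyndeoCMS or its syndeo_check.php; the function names, their arguments and the idea of passing the site root and php.ini path are assumptions.

```sh
#!/bin/sh
# Added example, not SyndeoCMS code. Directory and setting names come from the
# checklist; function names and arguments are assumptions of this sketch.

# ini_value FILE KEY: print the last value assigned to KEY, lowercased.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" |
        tail -n 1 | tr -d '"' | tr '[:upper:]' '[:lower:]'
}

# audit_site SITE_ROOT PHP_INI [OWNER]: print one FAIL line per finding and
# return 0 if there are none, 1 otherwise. OWNER defaults to "apache".
audit_site() {
    root=$1; ini=$2; owner=${3:-apache}; rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    if [ -d "$root/starnet/install" ]; then
        fail "starnet/install still present, delete it"
    fi

    for key in register_globals allow_url_fopen; do
        val=$(ini_value "$ini" "$key")
        case $val in
            off|0|false|no) ;;
            # An absent key is reported as well: the effective value then
            # depends on the default of the installed PHP version.
            *) fail "$key is '${val:-unset}' in $ini, expected Off" ;;
        esac
    done

    for dir in media studentpages; do
        [ -d "$root/$dir" ] || continue
        actual=$(ls -ld "$root/$dir" | awk '{print $3}')
        [ "$actual" = "$owner" ] || fail "$dir owned by $actual, expected $owner"
        [ -f "$root/$dir/.htaccess" ] || fail "$dir has no .htaccess file"
        # Files with executable extensions (PHP, ASP, CGI) in an upload directory.
        hit=$(find "$root/$dir" -type f \( -iname '*.php*' -o -iname '*.asp*' \
            -o -iname '*.cgi' \) | head -n 1)
        [ -z "$hit" ] || fail "executable file type in $dir, e.g. $hit"
    done
    return $rc
}
```

Call it as `audit_site /path/to/site /path/to/php.ini`; pass a third argument when the web server runs under a user other than "apache".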

If you have additions or improvements please contact us.