Genealogy - Site Notes

TNG Security

This is a collection of thoughts on TNG security. I plan to work on some of this myself. TNG 8 has moved administrative functions to the main directory, which creates doubt as to its security robustness.

Host and Server Security

  • Use the most restrictive system file permissions that still allow TNG to function. On many servers this is 644 for files and 755 for directories (owner writeable only). Typically the web server, such as Apache, runs as user 'nobody' and needs only read permission. Typically PHP runs as the site owner, so group and global write permission are unnecessary even for configuration files.
  • Disable any and all Apache and PHP features not used by TNG or other parts of the web site.
  • Protect directories that are not accessed from the web server. Directories used only by PHP code do not need web access!
    • Use .htaccess files that deny access to all.
    • Use an index.php to block directory search and redirect to Error.html.
    • TNG Media and *.gif files, which are displayed using HTML, need only be 644.
  • I have implemented a front end, called SAFE, which validates all TNG web calls and allows TNG to be outside the Web access directory.

TNG Software Security (modification/reorganization of the TNG code)

  • Each PHP file called by a URI or available in a web-accessible directory should validate its parameters. The ereg() function can be used quite effectively to validate the URI. One way to do this is to have a single PHP file front-end all Web access and do the initial checking, stripping of parameter strings, etc., then have the individual include file for each function check in more detail.
  • All files that are not called directly from the URI should be in a directory not accessible from the Web. All other files should be similarly inaccessible.
  • Each include PHP file and PHP function should validate any calling parameters.
  • All parameter strings should be checked for valid format, be stripped of dangerous content, and be chopped to a maximum size. For example, any string to be displayed should be stripped of control characters and HTML tags.
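
A sketch of the single front-end file and the parameter checks described in the list above, added here as an example; it is not TNG's or SAFE's code. It uses preg_match() because ereg() was deprecated in PHP 5.3 and removed in PHP 7. The route names, parameter names, patterns and the APP_DIR path are hypothetical, and PHP 7.1+ with the mbstring extension is assumed.

```php
<?php
// Added example: one front-end script validates every request before any
// application code runs. Routes, parameters, patterns and APP_DIR are
// illustrative assumptions, not TNG's actual file or parameter names.
const APP_DIR = '/home/site/private/app';   // assumed directory outside the web root

// Allow-list: route => [parameter => [anchored pattern, maximum length]]
const ROUTES = [
    'person' => ['id' => ['/\A[A-Z]\d{1,8}\z/', 9], 'tree' => ['/\A[a-z0-9_]+\z/', 20]],
    'search' => ['name' => ['/\A[\p{L} \'.-]+\z/u', 40]],
];

// Strip control characters and HTML tags, then chop to a maximum size.
function clean_text(string $value, int $max): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value);
    return mb_substr(strip_tags($value), 0, $max, 'UTF-8');
}

// Return the cleaned, validated parameters for a route, or null on any problem.
function validate_request(string $route, array $input): ?array
{
    if (!array_key_exists($route, ROUTES) || array_diff_key($input, ROUTES[$route])) {
        return null;                        // unknown route or unexpected parameter
    }
    $clean = [];
    foreach (ROUTES[$route] as $name => [$pattern, $max]) {
        $value = $input[$name] ?? null;
        if (!is_string($value)) {
            return null;                    // missing, or array-valued (?id[]=x)
        }
        $value = clean_text($value, $max);
        if (preg_match($pattern, $value) !== 1) {
            return null;                    // wrong format or invalid UTF-8
        }
        $clean[$name] = $value;
    }
    return $clean;
}

// Front-end dispatch: only allow-listed routes ever reach require.
$route  = is_string($_GET['page'] ?? null) ? $_GET['page'] : '';
$params = validate_request($route, array_diff_key($_GET, ['page' => 1]));
if ($params === null) {
    http_response_code(400);
    exit('Bad request');
}
require APP_DIR . '/' . $route . '.php';    // include file re-checks $params in detail
```

Because the include path is built only from a key that exists in the allow-list, the request string never reaches the file system directly, and the included files can sit in a directory with no web access.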

Page modified: 25 Oct 2011 11:11:01 -0700
