As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I have a Zend framework site running and somebody actually managed to upload 2 php scripts in the ZF public folder.
I've changed the password to cpanel including ftp, database etc.
But how can I prevent this from happening again?
If it is possible to access pgrfilemanager without a login then users can easily upload whatever files they want to your site. You'll need to find a way to secure that script, either by including your ZF login check inside of it somehow, or by securing it with a htaccess style login instead (probably easier).
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
Yesterday I setup a localhost on my network, and now am working on making it a public website. I read that self-hosting a website with WAMP can be very insecure, and poses high security risks. Is this true? How would I make my WAMP server secure? I currently have Windows Vista (most recent service pack), Kaspersky Pure 3.0, and WAMP 2.2. If you could please post a solution, or tips on keeping my self-hosted website secure, it would be greatly appreciated!Thank you!
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
I have a production web service built with Node JS(HTTP Server) on a Linux box with a HAProxy Load Balancer and wanted some kind of graphical tool to do live reporting on the server. I specially wanted to look at requests/min, request failures, etc. Anything out there people would suggest. I need something non-intrusive b/c I will be handling 20mil+ requests a day.
Have you looked at cube (https://github.com/square/cube), graphite/carbon (http://graphite.wikidot.com/) or opentsdb for such data monitoring/display?
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I could not find anywhere on google information about Spotify Apps that would say anything about the future plans of this expansion, in particular, if it would be possible to publish your own app somewhere on the future Spotify App Store or something similar to that. Does anybody know if this feature is in the future development plans of the company?
The process for getting your application published on the App Finder is here:
https://developer.spotify.com/technologies/apps/process/
Specifically, we request you submit a concept to us first so we don't end up with duplicate apps, then once that's approved the process is fairly standard - you make the app, we make sure it's good enough for the App Finder, then it gets published.
If you've already started to make an app, no matter - just submit it as a concept anyway and we can work from there.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
I'm changing my app to allow vanity user url:
http://domain.com/username
I am trying to find out what are the common names that should be prevented from the user to register, such as: phpmyadmin, password, username, about, contact, support, etc.
Best if there is a list available, but I haven't been able to find one.
Thanks.
I think you could allow any name as long as it doesn't conflict with another page on your site. You may want to consider the following just to prevent such conflicts:
http://domain.com/user/username
That way you could still use
http://domain.com/about
http://domain.com/contact
for your own URLs.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I need a site search engine to provide search for my members-only content. I've previously used Fluid Dynamics Search Engine but was wondering if there was anything that's been more recently updated.
Needs to index content via site crawling as opposed to filesystem crawling as all content is in a database. Also needs to run under FreeBSD / Linux.
Yes, sorry, not programming... but this is the best place to get great answers!
Solr from the Apache Lucene project might be of interest to you.
Another excellent one is Xapian.
Sphinx should be pretty good as well:
Sphinx Search