Welcome to the Koken CMS community!

Here at KCS, you will find a friendly bunch of photographers who like to share their love for the Koken CMS. We hope that you will enjoy your time here and thrive in our community!

You asked for it: Donations!
You asked for it, and it's here: The possibility to "buy me a beer (or more)"!

Seriously: By giving a small paypal donation you will help with keeping this site afloat and also give me more incentive to develop OxyGen further... ;)

// Bjarne Varöystrand and the KCS Team
Koken Development

Move the main part of Koken out of the DocRoot

Issues installing or configuring Koken at your web host.
Forum rules
As of late, we have been seeing cases where some of you have been posting multiple types of questions within a singular type of topic...

This makes searching here a nightmare for people whom are attempting to find out whether or not their question has already been asked, or possibly even answered. Therefore, I would like to implement some very basic rules, which I think everybody will be happy with, given that they will lead to better search results.

  1. All public communication is done in English
  2. ONE question per topic
  3. Make the title descriptive
  4. If it's regarding a theme: make sure you mention the theme name.
  5. Leave a URL to your site, since sometimes, custom "hacks" and CSS will be uniqe to your site.

I believe that these simple rules will not only make our lives easier, but also the lives of our visitors :D

I am of the opinion that ignoring these requests will make it harder for us all.
Plus, we won't be able to actually mark an issue/topic as solved, since it would be more difficult to determine what we're actually trying to solve! For example: Are we addressing the first, second or third question?
medienverbinder
Newbie
Newbie
Posts: 1
Joined: Mon 08 Oct 2018, 16:49
Your name: André

Move the main part of Koken out of the DocRoot

Postby medienverbinder » Mon 08 Oct 2018, 17:12

Hello out there,

on recommendation I installed Koken on a webserver and found the system very structured. However, there is one small thing that I find unavoidable for productive use. By default "all" php-files are accessible via URL during the standard installation. This is a security weakness because "Remote Code Execution" vulnerabilities are found all the time when random PHP files are directly accessible.

Is it possible to run a Koken site with a clean Docroot folder that contains no code files and is therefore much more secure by default? (except for a central index.php which runs the app?)

Best regards
User avatar
Bjarne Varöystrand
Webbplatsadministratör
Webbplatsadministratör
Posts: 1063
Joined: Sun 29 Mar 2015, 21:02
Your name: Bjarne Varöystrand
Location: Lysekil, Sweden
Contact:

Re: Move the main part of Koken out of the DocRoot

Postby Bjarne Varöystrand » Thu 11 Oct 2018, 14:00

Hi there and welcome to KCS! :D

medienverbinder wrote:Source of the post Is it possible to run a Koken site with a clean Docroot folder that contains no code files and is therefore much more secure by default? (except for a central index.php which runs the app?)

Unfortunately, not at the moment... :oops:
Regards
Bjarne Varöystrand - Image || Reddit || Twitter|| Facebook

Image
christiancampo
Newbie
Newbie
Posts: 2
Joined: Tue 16 Oct 2018, 11:55
Your name: Christian Campo

Re: Move the main part of Koken out of the DocRoot

Postby christiancampo » Mon 05 Nov 2018, 09:25

Not sure I understand the security aspect. So instead of having 10 php files that you believe are a higher security risk you think only having one php file (that of course needs to include a lot of code to run a site) is "more" secure. I dont think that holds true. If you find PHP itself unsecure than dont use Koken or Wordpress or Joomla or most of the other tools.
I personally believe the risk is minimal since what a hacker can get is my pictures that I am showing anyway. What is the incentive to hack a photo portfolio with public content ?

  • Similar Topics
    Replies
    Views
    Last post

Return to “Installation and Setup”



Who is online

Users browsing this forum: No registered users and 1 guest