Once Pixaria is installed and running, there are a number of steps you can take to increase the security of your website and protect yourself against theft of your images or malicious attacks by hackers or other undesirable characters.
PHP has a built-in configuration setting called 'register_globals' that, when enabled, automatically converts form data into variables or arrays that can be used within PHP scripts. Because a visitor can then set a variable that a script never initialised simply by submitting it with a request, this represents a major security issue for PHP and for any scripts that run while it is turned on. In April 2007, a security vulnerability was discovered in Pixaria that exploited the register_globals setting, allowing hackers to damage some Pixaria installations where the setting was turned on.
The dashboard in Pixaria version 1.4.3 or above will notify you if register_globals is turned on. If it is enabled on your web server, it's advisable to follow these instructions to turn it off.
Since very few scripts ever need register_globals to be turned on, it's invariably a good idea to turn the setting off wherever possible. This is easy to do either by editing PHP's configuration file 'php.ini' or by placing a text file called .htaccess with the following code into the base path of your website (the php_flag directive is only honoured when PHP runs as an Apache module):
php_flag register_globals Off
Remember that some FTP programs don't always show files whose names begin with a period/dot (full stop), so before you upload your own .htaccess file, be sure to check there isn't a hidden one already in place!
To ensure that your site is secure against malicious users, it is a good idea to lock down access to certain key directories in Pixaria by preventing access to them over the web.
This can easily be done by creating a text file called .htaccess with the following code in it:
Order Deny,Allow
Deny from all
This file should then be uploaded to these five locations in your Pixaria installation:
- /resources/incoming/
- /resources/library/
- /resources/includes/
- /resources/pixies/
- /resources/smarty/
To test whether the protection you've applied is working correctly on your site, open your web browser and enter a URL in this form:
http://www.mysite.com/pixaria/resources/includes/
If the protection is working as planned, you should get an error message and an 'access denied' warning.
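The lock-down steps above can be scripted for a server or a local copy of the site. The following is an added example, not part of Pixaria; the function names and status labels are made up for illustration. It writes the deny-all .htaccess into the five directories, never overwrites a file that is already there, and reports any directory that still needs attention.

```shell
#!/bin/sh
# Added example (not Pixaria code). Usage: sh protect.sh /path/to/pixaria

# The five directories named on this page, relative to the Pixaria root.
PROTECTED_DIRS="resources/incoming resources/library resources/includes resources/pixies resources/smarty"

# Directives exactly as given on this page (Apache 2.2 syntax).
deny_rules() {
    printf 'Order Deny,Allow\nDeny from all\n'
}

# protect_dirs ROOT
# Prints one status line per directory and returns the number of directories
# that are NOT protected (0 means all five are locked down).
protect_dirs() {
    root=$1
    failed=0
    for d in $PROTECTED_DIRS; do
        target="$root/$d"
        file="$target/.htaccess"
        if [ ! -d "$target" ]; then
            echo "MISSING  $d"
            failed=$((failed + 1))
        elif [ -e "$file" ]; then
            # A hidden .htaccess may already exist: inspect it, never overwrite.
            # 'Require all denied' is the Apache 2.4 form of the same rule.
            if grep -Eqi '^[[:space:]]*(Deny from all|Require all denied)' "$file"; then
                echo "OK       $d (existing .htaccess already denies access)"
            else
                echo "REVIEW   $d (existing .htaccess has no deny-all rule)"
                failed=$((failed + 1))
            fi
        else
            deny_rules > "$file" && chmod 644 "$file"
            echo "CREATED  $d"
        fi
    done
    return "$failed"
}

# Run only when a Pixaria root is given on the command line.
if [ $# -gt 0 ]; then
    protect_dirs "$1"
fi
```

A directory reported as REVIEW needs the two directives merged into its existing .htaccess by hand; the browser test above remains the final check that the web server honours the file.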