From: Izzy B. <iz...@ec...> - 2001-04-22 17:15:53
At 06:01 AM 22/04/01, you wrote:

Thanks Andy, I was obviously in need of sleep last night. I only saw the first 6 steps last night. When I saw the last step in my browser window I thought that was it and off to bed I went! :)

Thanks for filling in the missing steps for me and explaining step 5 and the reason for step 6.

It's a good habit to configure security assuming you do have local users and the threat of attack from inside as well as outside is very real. Even if you only have a single server in a home-based network protected by a firewall. :)

> > I didn't understand step 5, and step 6 you can probably skip.
>
>Step 5 simply means that you should create a .htaccess file in the admin
>directory. This will not prevent users from executing (i.e. including) the
>config files, but it will prevent Apache from "handing" the files out to users
>who request:
>
>http://www....com/sql-ledger/admin/config
>
>Step 6 would probably be needed if the system has a number of "local" user
>accounts.
>
>Step 7 is also absolutely critical! If your SQL-Ledger/Apache server is also
>your PostgreSQL server, use the following line in pg_hba.conf
>
>host myledgerdb 127.0.0.1 255.255.255.255 password
>
>(assuming your database for SQL-Ledger is myledgerdb)
>
>Be sure NOT to have a line like this in the file:
>
>host all 0.0.0.0 0.0.0.0 trust
>
>Step 8 is entirely about how granular your security control needs to be.
>Implement it to suit yourself.
>
>BFN
>Andy
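
An added example, not part of the original messages or of SQL-Ledger: a small Python audit for the `trust` line Andy warns about in step 7, assuming the five-column `host` record format shown in his message. The function name, severity labels and sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample in the five-column "host" format used in the message:
#   host DBNAME IP_ADDRESS ADDRESS_MASK AUTHTYPE
SAMPLE = """\
# constructed example, not a real server's file
host  myledgerdb  127.0.0.1    255.255.255.255  password
host  all         0.0.0.0      0.0.0.0          trust
host  myledgerdb  192.168.1.0  255.255.255.0    trust
"""

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def audit_pg_hba(text):
    """Return (line_no, severity, reason) for each risky host record."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 5 or fields[0] != "host":
            continue                            # only host records are checked
        db, addr, mask, method = fields[1:5]
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((no, "error", f"unparseable address/mask {addr} {mask}"))
            continue
        loopback_only = net.subnet_of(LOOPBACK)
        if method == "trust" and not loopback_only:
            # No password at all for remote clients; a 0.0.0.0 mask means anyone.
            sev = "critical" if net.prefixlen == 0 else "high"
            findings.append((no, sev, f"trust for db '{db}' from {net}"))
        elif method == "trust":
            # Still lets every local account in, the insider case from the thread.
            findings.append((no, "medium", f"trust for db '{db}' from local users ({net})"))
        elif db == "all" and not loopback_only:
            findings.append((no, "low", f"'{method}' exposes every database to {net}"))
    return findings

if __name__ == "__main__":
    for no, sev, reason in audit_pg_hba(SAMPLE):
        print(f"line {no}: [{sev}] {reason}")
```
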