How i can have the best secure GetSimple?

[platinum]

I used other CMS (Wordpress, CMS Made Simple...) and usually it is not hard to have a hackered website.

So i read here
http://get-simple.info/wiki/security

and then i ask:

1 - there are other suggestions for a secure GetSimple?

2 - where GetSimple saves username+passoword? what is the excat file and what is the best chmod attribute for this file?

[Connie]

check the options in gsconfig.php and add strong SALT there
that will encrypt the relevant data

the user data is stored in /data/users (take a ftp-trip around your files ;=) )
if you use a strong passworde and strong SALTs you will have a secure system

there was once a security warning at a security website, but that is long time ago

Cheers, Connie

[platinum]

thanks for message, Connie.

but please give me more info and help step-by-step:

how i can check the options in gsconfig.php and add strong SALT there?

(i dind't understand)

[Connie]

download the gsconfig.php from your server (it is generated by the installation)
open it in a text-editor (not WORD)

read the different entries, each has a comment above

read the wiki: http://get-simple.info/wiki/config:gsconfig?s

cheers, Connie

[platinum]

Thanks again, Connie.

i downloaded gsconfig.php file from my server and i opened it by notepad text-editor.
then i read here
http://get-simple.info/wiki/security
and also this important page
http://get-simple.info/wiki/how_to:chang...ord_salted
(i read it only now! there is a good step-by-step!)


so:


1 - at the first, i put username+password in "admin panel" in my GetSimple, so i logged.
and then i don't logout! i stay in login mode!


2 - in line numer 19 of gsconfig.php file, i find this code
#define('GSLOGINSALT', 'your_unique_phrase');

i must change all this line with a line created by
http://get-simple.info/api/security/

for example, and i must use (without # !! pay attention!!)
define('GSLOGINSALT', 'ZU^C%REVY02CfBlsqe~MOt--wfwPd|d3WTcrQWtFyR=j4uZ~uHo4vqD');


3 - in line numer 61 of gsconfig.php file, i find this code
#define('GSUSECUSTOMSALT', 'your_new_salt_value_here');

i must change all this line with a line created by
http://get-simple.info/api/security/

for example, and i must use (without # !! pay attention!!)
define('GSUSECUSTOMSALT', 'GfDsfUh05osw*hgS65 bc=sCUInKvrp^AQPd^21*-xBrb6WOKSyYif5');



4 - i put online this new gsconfig.php file and then i must change "admin password"
after these steps, i put online this new gsconfig.php file.
i'm still in "Login mode".
now simply i must change "admin password" by "admin panel" of GetSimple (i can re-use also the same password that i had before. but this step it is important because force the system to generate a password for new gsconfig.php file).

it is all correct?
nothing else?

[Connie]

all I can say is that you should not be logged in when editing the SALT-Options

please do a forum search here about these problems it has discussed

I cannot help you further, I have no practical knowledge on that

[platinum]

thanks, Connie :-)

anyway i modified gsconfig.php file and in the same time i was logged.
it's important to be in "login mode", because (after you put online the new gsconfig.php) the old password for login doesn't work! and so you cannot go in admin pannel