We recommend you don't take security issues too lightly. Chamilo is security-audited at least once a year, but you're never too sure. This list is a work in progress. Feel free to recommend additional measures by sending us an e-mail at info@chamilo.org.
Contents
1. Disclosing server info
It is considered a safer behaviour not to disclose server information from your Chamilo page. In order to avoid both web server and PHP information disclosure, you might want to take the following actions:
- Locate the ServerTokens setting inside your Apache configuration and set it to "Prod"
- Locate the ServerSignature setting inside your Apache configuration and set it to "Off"
- Locate the expose_php setting inside your PHP configuration and set it to "Off"
- Reload Apache
2. Keeping up to date
Make sure you check our security issues page from time to time. Subscribe to our free security alerts mailing-list: http://lists.chamilo.org/listinfo/security or that you follow our security Twitter feed: http://twitter.com/chamilosecurity.
3. Using safe browsers
Additionnally to lacking the implementation of features that really improve the quality of your browsing the Internet, older browsers tend to have many unresolved security flaws. Using an old browser, you put in danger the security of your computer and the data it contains, but you can also put others in danger by letting crackers take control of it and attacking others.
To avoid being a risk to yourself and others, you should download and install a recent browser. We recommend the latest stable version of Firefox.
Authors
- Yannick Warnier, Zend Certified PHP Engineer, BeezNest Belgium SPRL, ywarnier@beeznest.net