How to protect your AjaXplorer installation

AjaXplorer helps you turn your web server into a powerful file management system : install once and access your files from anywhere. Organize, preview and share them, easily and securely. AjaXplorer comes fully equiped with a complete users management system, securing the whole installation at once. It can also be interfaced with existing authentication mechanisms, to implement a “Single-Sign On” system and make users life easier. Install AjaXplorer via Softaculous with just one click.

ajaxplorer logo

Here are some basic recommendations for securing your AjaXplorer installation :

1. Protect your folders from direct web access :

Under the main AjaXplorer installation folder, the following folders contents must be hidden from the web server. It is by default the case if you are using Apache, as .htaccess files are part of the distribution.

  • ajaxplorer_install/conf
  • ajaxplorer_install/data/[all subfolders except “public”], that is the default container for the « shared links » public files.

Note:  concerning the .htaccess files under Apache, be sure to allow override of the Limit directives on your web server (contact your Webmaster).

If you can, do not use the default « files » folder placed inside the distribution, but create a repository pointing to a folder outside your web « document root ».

2. Basic security rules :

HTTPS usage is recommended by AjaXplorer, but you have to configure your server for that, it cannot be done automatically by AjaXplorer.

Always use strong passwords. There is a password minimum length option that is set to 8 characters by default.

3. Check for upgrade :

Security issues are always released with high priority by the AjaXplorer team, use the integrated upgrade tool to check if updates are available and apply them! You can also upgrade your AjaXplorer installation using Softaculous.

Soruce : http://ajaxplorer.info

Leave a Reply