Loading...
 
Architecture / Installation

Architecture / Installation


Where to Install if Tiki = Website?

posts: 30

New Tiki user here. Setting up a website whose only content will be via Tiki. So when users go to MyDomain.com they'll be looking at the main Tiki page.

Well, I installed Tiki 9.4 using my hosting company's Softaculous utility. As desired, when I go to MyDomain.com I get the main Tiki page.

My concern is that Tiki has installed a ton of files in the website's root directory. It's really cluttered. And the real concern is that those files can be read publicly. For example, http://MyDomain.com/copyright.txt displays the Tiki copyright file in the browser. I don't really mind that particular file, but it seems there would be a security issue here.

Is there a better way to create a Tiki-only website without exposing all of Tiki's inner workings to the public?

Thanks!!

posts: 30

Hmmm. Well, if Tiki checked to make sure what was/wasn't readable, then it decided that everything should be readable. All text files are readable and display in any public web browser. If directly linked, all php files do something — often returning unintelligible text which gets displayed in the browser.

I'm not a unix guru, but I could eventually figure out how to change permissions if I knew which permissions to assign to which files. Currently, all permissions are 0755 for directories, 0644 for files.

Or maybe everything is just fine the way it is. I'm just surprised that Tiki installed itself in such a way that any public user can poke around in (apparently) any Tiki file they want. Maybe it doesn't do any harm?

If anybody suspects trouble in my permissions, please let me know!!

posts: 3665 United States

Well, if you want the files to be usable, they have to be readable. It could be that I'm simply not understanding the problem.

AFAIK, the individual Tiki directories are not browsable... for example http://tiki.org/img/ redirects you to the site's home page instead of displaying the contents of the folder.

If you have specific security concerns, I suggest contacting http://security.tiki.org directly

HTH,

- Rick | My Tiki Blog | My Tiki UserPage

Why be a dummy? Get smarty! TikiForSmarties.com
Tiki for Smarties, your source for the best (and only) Tiki books, guides, and tutorials.

Upcoming Events

1)  18 Apr 2024 14:00 GMT-0000
Tiki Roundtable Meeting
2)  16 May 2024 14:00 GMT-0000
Tiki Roundtable Meeting
3)  20 Jun 2024 14:00 GMT-0000
Tiki Roundtable Meeting
4)  18 Jul 2024 14:00 GMT-0000
Tiki Roundtable Meeting
5)  15 Aug 2024 14:00 GMT-0000
Tiki Roundtable Meeting
6)  19 Sep 2024 14:00 GMT-0000
Tiki Roundtable Meeting
7) 
Tiki birthday
8)  17 Oct 2024 14:00 GMT-0000
Tiki Roundtable Meeting
9)  21 Nov 2024 14:00 GMT-0000
Tiki Roundtable Meeting
10)  19 Dec 2024 14:00 GMT-0000
Tiki Roundtable Meeting