-
Notifications
You must be signed in to change notification settings - Fork 138
Secure the database
Arjen van Bochoven edited this page Jan 13, 2019
·
3 revisions
If you're running Munkireport with a MySQL backend, you can stop reading. If you're using SQLite, read on.
Munkireport ships with an .htaccess file that should protect the app directory on an Apache web server. It also contains a web.config file that should do the same on an IIS web server. But webservers are complex beasts and global configurations may interfere with the security settings. And if you're using nginx you don't have any out-of-the-box protection at all.
First check if the database is exposed to the world by trying to download it with a browser: https://yourserver.fqdn/app/db/db.sqlite
If you can download the file, your data is publicly available which is a Bad Thing™.
- Make sure the database directory is out of the webroot.
- General Upgrade Procedures
- How to Upgrade Versions
- Troubleshooting Upgrades
- Migrating sqlite to MySQL