CMS Security - Ruth Cheesley - CMS Africa 2014

•Download as ODP, PDF•

0 likes•1,512 views

This talk was delivered at the first CMS Africa summit in Nairobi, Kenya which was held between 7-8 March 2014. The talk explores basic security precautions to take when considering using a Content Management System.

Technology

CMS Security

Ruth Cheesley - @RCheesley

Understand permissions
World
(The world, the universe, and everything)
Group
(A set of users)
Owner
(owns the file)

Understand permissions
Read (r)

Write (w)

Can view the file
Chmod +r / -r
Numerical value = 4

Can make changes or modify the file
Chmod +w / -w
Numerical value = 2

Execute (x)
Can run the file (generally applicable at command line)
Chmod +x / -x
Numerical value = 1

NOTE: Folders cannot be listed and files within
can't be accessed if the folder does not have
execute permissions

Joomla! permissions

Owner

Group

World

7
(Read + Write + Execute)
rwx

5
(Read + Execute)
r-x

5
(Read + Execute)
r-x

6
(Read + Write)
rw-

4
(Read)
(r--)

4
(Read)
(r--)

Your weakest link

© James Steidl - Fotolia.com

Keep up to date

© iQoncept - Fotolia.com

Sell ethically to your clients

© puckillustrations - Fotolia.com

Modern security practices

© James Steidl - Fotolia.com

To find more information

magazine.joomla.org
docs.joomla.org

Ruth Cheesley - @RCheesley

What's hot

File systemMohd Arif

Files

kirtidhamija16

File Managementinsanmisteri111

File System Interface

chandinisanz

10 File System

Dr. Loganathan R

DracOs Forensic Flavor - Workshop

Satria Ady Pradana

ITFT_File system interface in Operating System

Sneh Prabha

Files concepts.53myrajendra

Harvard chart

PrivCo

Hard drivestheprinterdepo

File protection.59 to 60myrajendra

Whats A Hash

American Document Management

Building a userspace filesystem in node.js

Clay Smith

File Management – File Concept, access methods, File types and File Operation

Dhrumil Panchal

What's hot (14)

File system

Files

File Management

File System Interface

10 File System

DracOs Forensic Flavor - Workshop

ITFT_File system interface in Operating System

Files concepts.53

Harvard chart

Hard drives

File protection.59 to 60

Whats A Hash

Building a userspace filesystem in node.js

File Management – File Concept, access methods, File types and File Operation

Similar to CMS Security - Ruth Cheesley - CMS Africa 2014

Unix fundamentalsDima Gomaa

04-1-Linux.ppt

EidTahir

Access control list acl - permissions in linux

Sreenatha Reddy K R

Commands and shell programming (3)

christ university

101 4.5 manage file permissions and ownership v3

Acácio Oliveira

Basics of Linux

SaifUrRahman180

Host securityNguyen Tam

UserGuideHDFS_FinalDocumentAnna Ellis

Linux files and file permissionU.P Police

4.5 manage file permissions and ownership v3

Acácio Oliveira

Solaris basics

Ashwin Pawar

Linux Internals Part - 1

SysPlay eLearning Academy for You

File permissions

Varnnit Jain

Unix3

Krishna Prasad

lec1.docxismailaboshatra

Basic Cli By M Fawzy

Mahmoud Fawzy

Introduction to HDF5 Data Model, Programming Model and Library APIs

The HDF-EOS Tools and Information Center

Unix Basics 04spDr.Ravi

Unit3 browsing the filesystemroot_fibo

Similar to CMS Security - Ruth Cheesley - CMS Africa 2014 (20)

Unix fundamentals

04-1-Linux.ppt

Access control list acl - permissions in linux

Commands and shell programming (3)

101 4.5 manage file permissions and ownership v3

Basics of Linux

Host security

UserGuideHDFS_FinalDocument

Linux files and file permission

4.5 manage file permissions and ownership v3

Solaris basics

Linux Internals Part - 1

File permissions

Unix3

lec1.docx

Basic Cli By M Fawzy

Introduction to HDF5 Data Model, Programming Model and Library APIs

Unix Basics 04sp

Unit3 browsing the filesystem

More from Ruth Cheesley

Open source meets marketing - Presentation - OpenFest 2019

Ruth Cheesley

Data first web development

Ruth Cheesley

Talk given by Ruth Cheesley at JoomlaDay UK 2017. All too often websites are designed, built and deployed without any thought to how the business will track, capture and use the many sources of data. These sources of data available through many free tools can contribute vital information which allows a business to track sales from their origin and prove what parts of their online presence are delivering a return on investment. In this talk, Ruth explores the concepts and methodology of planning and building websites with a data-first mentality.

Integrated Marketing Strategies with Mautic

Ruth Cheesley

Automating your marketing workflows in Joomla with Mautic

Ruth Cheesley

Fight for the Pixel - Innovation Martlesham - Ruth Cheesley

Ruth Cheesley

Custom Fields in Joomla - JoomlaDay UK 2016 - Marco Dings

Ruth Cheesley

Time to stop breaking your promises - dealing with 404's, broken URLs and pla...

Ruth Cheesley

Change happens - it's inevitable. A URL is a promise, and when you change a site structure, you are responsible for keeping your promises and making sure those URLs are either redirected or killed off. This presentation runs through how to manage URL changes by running audits, what to do with URLs which have changed and how to properly kill off URLs using the 410 error code. Focused on Joomla, many of the resources are hosted on the Joomla Community Magazine.

Chalk and cheese - how developers and designers can work together and not cru...

Ruth Cheesley

A talk given by Ruth Cheesley of Virya Group, at the Innovation Martlesham breakfast on Tuesday, 21st April. Teams can often be challenging places for developers and designers to work harmoniously - here are some of the tips we've learned - join us on the journey through a project to see how the roles change between the team members to ensure we arrive at the destination together, on time, and with enough fuel in the tank!

Discovering Joomla! - Find out about Joomla's features

Ruth Cheesley

Ruth Cheesley - Joomla World Conference 2014 - How to prove you're worth a mi...

Ruth Cheesley

Conflict as an opportunity for growth in Open Source communities - European C...Ruth Cheesley

The world needs Open Source - Ruth Cheesley - NorDevCon 2014

Ruth Cheesley

A gaze into the crystal ball of Google - social, local and predictive search

Ruth Cheesley

Women in Open Source - Ruth Cheesley - CMS Africa 2014

Ruth Cheesley

Ruth Cheesley - Joomla! World Conference 2013 - What are you trying to say (a...

Ruth Cheesley

Ruth Cheesley - Joomla! World Conference 2013 - Is your business intelligent?

Ruth Cheesley

Suffolk Internet Marketing & SEO/M Specialists - Ruth Cheesley - Don't get in...

Ruth Cheesley

Ruth Cheesley - Joomla!Day UK - Joomla in your area

Ruth Cheesley

Ruth Cheesley - Joomla!Day UK - Articles are boring, long live the CCK!

Ruth Cheesley

Ruth Cheesley - Joomla!Day UK - Giving back to Joomla!

Ruth Cheesley

More from Ruth Cheesley (20)

Open source meets marketing - Presentation - OpenFest 2019

Data first web development

Integrated Marketing Strategies with Mautic

Automating your marketing workflows in Joomla with Mautic

Fight for the Pixel - Innovation Martlesham - Ruth Cheesley

Custom Fields in Joomla - JoomlaDay UK 2016 - Marco Dings

Time to stop breaking your promises - dealing with 404's, broken URLs and pla...

Chalk and cheese - how developers and designers can work together and not cru...

Discovering Joomla! - Find out about Joomla's features

Ruth Cheesley - Joomla World Conference 2014 - How to prove you're worth a mi...

Conflict as an opportunity for growth in Open Source communities - European C...

The world needs Open Source - Ruth Cheesley - NorDevCon 2014

A gaze into the crystal ball of Google - social, local and predictive search

Women in Open Source - Ruth Cheesley - CMS Africa 2014

Ruth Cheesley - Joomla! World Conference 2013 - What are you trying to say (a...

Ruth Cheesley - Joomla! World Conference 2013 - Is your business intelligent?

Suffolk Internet Marketing & SEO/M Specialists - Ruth Cheesley - Don't get in...

Ruth Cheesley - Joomla!Day UK - Joomla in your area

Ruth Cheesley - Joomla!Day UK - Articles are boring, long live the CCK!

Ruth Cheesley - Joomla!Day UK - Giving back to Joomla!

Recently uploaded

Enhancing Performance with Globus and the Science DMZ

Globus

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

UiPath Community Day Dubai: AI at Work..

UiPathCommunity

Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking. 📕 Curious on our agenda? Wait no more! 10:00 Welcome note - UiPath Community in Dubai Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank 10:20 A UiPath cross-region MEA overview Ashraf El Zarka, VP and Managing Director MEA, UiPath 10:35: Customer Success Journey Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank 11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more Boris Krumrey, Global VP, Automation Innovation, UiPath 12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services. Brendan Lingam, Director of Sales and Business Development, Marc Ellis

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

UiPathCommunity

In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni. 📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath: Autopilot per Studio Web Autopilot per Studio Autopilot per Apps Clipboard AI GenAI applicata alla Document Understanding 👨‍🏫👨‍💻 Speakers: Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath Andrei Tasca, RPA Solutions Team Lead @NTT Data

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Recently uploaded (20)

Enhancing Performance with Globus and the Science DMZ

Video Streaming: Then, Now, and in the Future

UiPath Community Day Dubai: AI at Work..

PCI PIN Basics Webinar from the Controlcase Team

FIDO Alliance Osaka Seminar: Overview.pdf

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Monitoring Java Application Security with JDK Tools and JFR Events

Quantum Computing: Current Landscape and the Future Role of APIs

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Assure Contact Center Experiences for Your Customers With ThousandEyes

By Design, not by Accident - Agile Venture Bolzano 2024

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

The Art of the Pitch: WordPress Relationships and Sales

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

GraphRAG is All You need? LLM & Knowledge Graph

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf