Security considerations when migrating development sites to production sites
The server configuration and necessary permissions between your development server and production server may be completely different. Unless the production server is a completely dedicated environment, don't assume that what was safe on your development server will also be safe on the production server.
Take the time to revisit all the pages in this security section (particularly file permissions) with the context specific to your production server. In particular, pay attention to your writable file system permissions for /site/assets/, /site/modules/ and everything in them, as well as your /site/config.php file. You may need to make a recursive change to all files in that directory after migrating to production. For instance, if your production server has Apache running as your account, and your development server didn't, then you should lock down the permissions consistent with what the server supports.
- Potential permissions for writable files and directories
- How to change permissions of existing directories and files
- Securing your /site/config.php file
- Determining who Apache runs as
You might also find it worthwhile to install a test copy of ProcessWire on your production server before migrating your site to it. The installer can identify many potential issues ahead of time, saving you the hassle of figuring things out during migration. Remember to delete the test installation afterwards.
No comments yet. Be the first to post!
Your e-mail is kept confidential and not included with your comment. Website is optional.