Once you have FileRun running, it is strongly recommended following these steps in order to secure it:
superuser
, is the only account not
protected against brute force login attacks, so it is very important
that you set a password that cannot be guessed by a computer. Set a
long password, containing also uppercase letters, digits and symbols.session.cookie_httponly
is set to On
, in your server's
PHP configuration file, for increased security against
cross-site-scripting attacks. * Update the configured MySQL user
account and remove the ALTER
and DROP
privileges. (You might
need to add these back before installing any FileRun update.)system/data
folder and its contents, where FileRun needs to be able
to make changes.display_errors
is set to Off
, in your server's PHP
configuration file. * Register your FileRun installation, from the
control panel, under Software licensing
, to be able to keep the
installation secure and up to date!If you are using the FileRun Docker image, know that the image "filerun/filerun" is provided only as an example of an environment configuration and not as an example of the best possible server configuration, neither for performance nor security. Our recommendation is to always build and maintain your own Docker image, and use https://github.com/filerun/docker only as an example. For best security, keep up to date the third-party software which is used by FileRun.