23.4. How to guard against security vulnerabilities in PHP-Nuke

After all the detailed excusion to the security risks lurking around your pristine installation of PHP-Nuke that was undertaken in the previous sections, you may be asking yourself if there is anything you can do to avoid them. Indeed, following the advice in this section, will render your PHP-Nuke system as secure as can be.

But there is also one point you should understand while talking about software (and especially Web software) security: there is no absolute security! You can make life very difficult for the hypothetical "malicious user", but then, given enough (time, money and criminal energy) resources, every system connected to the Web can become vulnerable. Thus, if your carreer depends on this, hire a security professional to check the code for you.

However, even if you are on your own, you can still do a lot to guard against security vulnerabilities. You can:

• Stay current on developments and apply security fixes (see Section 23.4.1).

• Take the right security measures (see Section 23.4.2).

• Perform a security audit of the code yourself (see Section 23.4.3).

• Check file permissions (see Section 23.4.4) and cookie settings (see Section 23.4.5).

	Disable HTML and uploads!
	Many of the most important security risks arise from the fact that HTML is allowed in the News and Forums, or that users are allowed to upload avatars or mail attachments to the web server. You can thus diminish the attack potential against your site, if you disable HTML and uploads. But of course, this will not protect you from everything, so read on!