Security: what are some easy tests to make sure my OJS installation is secure?

I’m wondering if there are any ideas for how to make sure an OJS installation is secure. Nothing crazy, but pinging certain files for example, or trying to inject code somewhere you shouldn’t on the front end. I’m curious if anyone has suggestions!

Quick Google searches find dozens of installations with openly accessible configuration pages and whatnot, so I hope a list like this could help some people find best practices for file permissions, etc.

Hi @benaltair,

These aren’t tests per se, but we do have a section in our Administrator guide on securely deploying OJS: Securing Your System

Thanks Roger. I’m reading through those again, but still hoping for some practice user-side tests.

Perhaps a quick URL fuzz is a good place to start? Something like:

Hi @benaltair, I see what you mean. I don’t know of any tests geared towards OJS like this offhand, but hopefully others will weigh in on what might be possible - having such tests would be really helpful.