Synchronet v3.19b-Win32 (install) has been released (Jan-2022).

You can donate to the Synchronet project using PayPal.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
howto:hardening [2014/07/25 02:15] – We don't actually reccomend hardening your BBS. deucehowto:hardening [2014/07/25 02:29] (current) – Synchronet supports Digest auth now, you don't need to disable the server to disable Basic auth deuce
Line 19: Line 19:
  
 ===== Settings to Harden ===== ===== Settings to Harden =====
-Some settings I'm proposing to harden include. 
- 
 This guide will cover hardening synchronet from a security point of view, as well as an operational security point of view. Sometimes hardening breaks or removes functionality.. This guide will cover hardening synchronet from a security point of view, as well as an operational security point of view. Sometimes hardening breaks or removes functionality..
  
Line 69: Line 67:
     * HTTP with basic auth is not a secure method of transferring information - at any given time it's possible HTTP, with basic auth sessions, could be intercepted     * HTTP with basic auth is not a secure method of transferring information - at any given time it's possible HTTP, with basic auth sessions, could be intercepted
       * Change: Configuration Value       * Change: Configuration Value
-      **Disable Web Server on Win32**: From the //Synchronet Control Panel//Select **Web->Configure** from the top menuon the **General** tabUnCheck **Auto Startup**, then click **OK**.+        In the .ini filein the Web sectionadd (or modify) the Authorization line to read ''Authorization=Digest'' 
 +        Ensure that any webctrl.ini files don't override this value.
  
   * Don't enable NNTP   * Don't enable NNTP

Trace: