Security

From BBlog


We, the developers of bBlog, try our best to make it secure. However, we take no responsibility if anything goes wrong, as bBlog is free software and you use it at your own risk.

If you have found a security issue, please notify security@bblog.com before making any public announcement. We will work with you to resolve the issue.

Security Measures

Security is a two-way street. On one side, it is the developers' responsibility to write secure code. On the other, the user has the obligation to use the software in a way that does not let others easily pretend to be them when posting.

Password Security

Passwords should never be stored in an unencrypted form such as a text file or a post-it (http://www.3m.com/us/office/postit/) note on your computer screen (monitor).

  • Passwords should be around 20 or more characters
  • Include a mix of uppercase letters, lowercase letters, numbers and special characters such as !@#$%^&*()
  • Not be a dictionary word
  • No one other than you should know your password. Do not tell friends or family members other than your spouse.

Secure passwords are difficult to remember, so a password vault such as KeePass (http://keepass.sourceforge.net/) or another open source solution is recommended.


Browser Security

Browsers such as Mozilla Firefox or Internet Explorer should not be told to store passwords, as this would allow others with access to your browser to impersonate you and post under your name. A way around this problem in Mozilla Firefox is to use a Master Password (http://kb.mozillazine.org/Master_password).

Changes that should have been done after installation

  • Delete install.php and the install folder
  • chmod a-w config.php, so that it is not writable by the webserver (the file must stay readable, or bBlog cannot load its configuration)
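
The post-installation steps above can be checked with a small audit script. This is an added example, not part of bBlog; the function name bblog_postinstall_audit and its exit codes are assumptions.

```shell
#!/bin/sh
# Added example (not bBlog code): audit a bBlog directory for the
# post-installation steps listed above.
# Returns 0 = clean, 1 = findings, 2 = bad argument.

bblog_postinstall_audit() {
    root=$1
    findings=0

    if [ ! -d "$root" ]; then
        echo "ERROR: '$root' is not a directory" >&2
        return 2
    fi

    # The installer must be gone: both the script and its folder.
    for leftover in install.php install; do
        if [ -e "$root/$leftover" ]; then
            echo "FAIL: $root/$leftover still exists"
            findings=$((findings + 1))
        fi
    done

    # config.php must exist and carry no write bit for owner, group or other.
    # Permission bits are inspected instead of using [ -w ], because [ -w ]
    # is always true for root and says nothing about the webserver account.
    cfg="$root/config.php"
    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found"
        findings=$((findings + 1))
    elif [ -n "$(find -L "$cfg" -prune \( -perm -200 -o -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $cfg has a write bit set: $(ls -l "$cfg")"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: no installer leftovers, config.php is read-only"
        return 0
    fi
    return 1
}

# Usage: sh audit.sh /path/to/bblog
if [ "$#" -gt 0 ]; then
    bblog_postinstall_audit "$1"
fi
```

If the webserver account owns config.php it can set the write bit again, so the file is best owned by a different account.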