Securing DbNinja Installation
- Configure your web server to block access to '_users' and '_includes' directories. DbNinja comes preconfigured with `.htaccess` files for Apache web server, however, if 'AllowOverride' setting is disabled on your web server, you will have to configure your web server manually.
If your web server is IIS, download the web.config (right click, save as...) file and place it in DbNinja's directory.
You can make sure that the directories are protected by opening the following URL in your web browser: http(s)://yoursite/dbninja/_users/secure.html
If a window with warning pops up, something is still wrong.
- Rename the default "dbninja" directory to something unique, for example, "alibaba123". This will make it hard for others to discover DbNinja.
- Rename the '_users/admin' directory to something unique. This will force the perpetrator to guess the username in addition to your password.
- Configure your web server to deny access to DbNinja directory from all except known IP addresses.
- To prevent unauthorized access to your server and data, use DbNinja over SSL encrypted connection (HTTPS) or enable the built-in connection encryption in `Settings` window.