Joomla 3.X Global Settings Part III

Server Settings

Diagram 1

Path to Temp Folder: The text box adjacent to this prompt holds the path to Joomla's temp folder on the web server. This is the folder in which Joomla stores the temporary files that are created while code is processed on the web server. The text box is filled in when Joomla is installed. If required, Joomla can be instructed to use a completely different folder for the temporary files it creates while executing its programs on the web server. To do this, create a folder wherever desired on the web server and enter the relative path to the new folder in this text box.

Gzip Page Compression: This switch tells Joomla to use a library built into PHP to compress (i.e. gzip) the output of the web page before it is delivered to the requesting browser. Because the output is compressed, this can reduce the time it takes a web page to download to the browser. At the same time it increases the web server's workload, because the web server has to compress data for every page it delivers to a browser. The default setting is No.

Error Reporting: This drop-down list box lets the website owner change the amount of error reporting that Joomla does. On production sites, it is recommended to set this as low as possible. Hackers can use the information produced by error reporting to find security holes in the website. The options available in the Error Reporting drop-down list box are: System default, None, Simple, Maximum, Development.
During the website development stage, set error reporting to Maximum. After the website is completed, tested and live, set error reporting to System default or None as seen fit. At Joomla install time error reporting is set to System Default.

Force SSL: This drop-down list box lets the website owner instruct Joomla to force SSL (i.e. Secure Sockets Layer) communication between the web server and the requesting browser. The choices available in the Force SSL drop-down list box are None, Administrator Only and Entire Site. When Force SSL is set, those areas of the Joomla website can only be accessed using https://. Turn this on only if the web server supports such an option. At Joomla install time, the setting is None.

Location Settings

Diagram 2

Server Time Zone: This drop-down list box lets the website owner select the time zone for the web server. The time zone set should be based on where the web server is physically located. The value set at Joomla install time is Universal Time, Coordinated (UTC). To change it, click the drop-down list box and select the time zone of your choice based on the physical location of the web server.

FTP Settings

Diagram 3

NOTE: FTP stands for File Transfer Protocol. All these settings can be set during Joomla installation.
Enable FTP: This switch tells Joomla to use its built-in File Transfer Protocol libraries instead of the normal upload process used by PHP.

FTP Host: Enter the name of the FTP host in the text box adjacent to this prompt. This is always the name of the website, i.e. www.mywebsite.com

FTP Port: Enter the number of the FTP port in use on the Joomla 3.X website in the text box adjacent to this prompt. The default FTP port of any web server is port 21. Hence enter 21 in this text box.

FTP Username: In the text box adjacent to this prompt, enter the FTP username provided by your hosting provider, OR enter any FTP username of your choice. This will be the username you use to access the Joomla FTP account.

FTP Password: In the text box adjacent to this prompt, enter the FTP password provided by your hosting provider, OR any password of your choice. The same password will have to be used to access this Joomla FTP account.

FTP Root: Enter here the physical location (i.e. the root directory of your website on the server) of the folder that you want the FTP account to connect to on your web server. If you are not sure which is the root directory of your website, you can contact your hosting provider and ask.

Database Settings

Diagram 4

NOTE: Database details are filled in to each of these text boxes during Joomla installation as shown in diagram 4.
Database Type: This drop-down list box offers two choices of database type, MySQL and MySQLi. Joomla 3.X recommends the use of MySQLi. This is the choice set at Joomla 3.X installation time.

Hostname: The text box adjacent to this prompt is normally loaded with localhost during the Joomla 3.X installation process. Typically localhost (or 127.0.0.1) is entered here for most Joomla installations. This is because the Joomla database is most often located on the very same web server as the Joomla CMS. However, the hostname can point to a completely different server if the Joomla database in use is physically located on a server other than the one on which the Joomla CMS is installed.

Username: The text box adjacent to this prompt is normally loaded with the MySQL username entered when Joomla 3.X was being installed.

Database: The text box adjacent to this prompt is normally loaded with the MySQL database name entered when Joomla 3.X was being installed.

Database Tables Prefix: The text box adjacent to this prompt displays a database table name prefix randomly generated by Joomla. This is the prefix that Joomla places before each of its table names when its tables are created and populated during the Joomla 3.X installation process. This is largely for security purposes. Since Joomla is an open source CMS, free to use by all, its table structures and names are in the public domain. This makes it easier for hackers to gain access to Joomla websites. By adding a randomly generated table name prefix, Joomla makes each installation's database table names unique and hence a ton more difficult for a hacker to access the Joomla tables in each Joomla CMS installation.
Mail Settings

Diagram 5

Mailer: This drop-down list box lets the website owner tell Joomla which type of web server based mail process the Joomla CMS must use to deliver user or administrator emails from the website. The choices are: PHP Mail, Sendmail, SMTP. Joomla CMS can use any of these three methods to dispatch email from the web server.

PHP Mail - If this option is selected, Joomla will use the mail function that is built into PHP. This is the simplest way of sending emails from the web server.

Sendmail - If this option is selected, Joomla will use the Sendmail program, which is almost always installed and live on a web server and is typically used when dispatching HTML based email forms via email. This requires the correct Sendmail path to be entered into the text box adjacent to the Sendmail Path prompt.

SMTP - If this option is selected, Joomla will use the website's SMTP server to send email. This is the most secure way of mailing. This requires entering all the SMTP login details in the text boxes adjacent to the SMTP prompts.
From Email: Enter a legitimate email ID in the text box adjacent to this prompt. Joomla will use this email ID as the From address when it dispatches website email via any of the three methods chosen in the drop-down list box adjacent to the Mailer prompt. This email ID will be visible in the recipient's mail client, so recipients can identify who sent them the email.

Sendmail Path: In the text box adjacent to this prompt, enter the path where the Sendmail program is located on your web server. This text box is typically filled in by Joomla during its installation process.
NOTE: This is only used if Mailer is set to Sendmail.

SMTP Authentication: This switch lets the website owner tell Joomla whether or not the SMTP mail server on the website requires authentication to send mail. If the mail server run on your web server does not require authentication (i.e. a login ID and password) before it is accessed, set the switch to No. If the mail server run on your web server does require authentication (i.e. a login ID and password) before it is accessed, set the switch to Yes. At Joomla install time this switch is set to No.
NOTE: This is only used if Mailer is set to SMTP.

SMTP Security: This drop-down list box lets the website owner tell Joomla the type of security to be used when sending email to site visitors. The security options are SSL and TLS. At Joomla install time this is set to None.
NOTE: This is only used if Mailer is set to SMTP.

SMTP Username: In the text box adjacent to this prompt, enter the username to be used when Joomla accesses the SMTP host.
NOTE: This is only used if Mailer is set to SMTP.

SMTP Port: In the text box adjacent to this prompt, enter the SMTP port number. Most unsecured SMTP servers use port 25 and most secure SMTP servers use port 465. If you are not sure what port number to enter here, contact your hosting company and they will give you the correct port number to use.
NOTE: This is only used if Mailer is set to SMTP.

SMTP Username: In the text box adjacent to this prompt, enter the username to be used by Joomla to access the SMTP host.
NOTE: This is only used if Mailer is set to SMTP.

SMTP Password: In the text box adjacent to this prompt, enter the password to be used by Joomla to access the SMTP host.
NOTE: This is only used if Mailer is set to SMTP.

SMTP Host: In the text box adjacent to this prompt, enter the SMTP host address to be used by Joomla when sending mail.
NOTE: This is only used if Mailer is set to SMTP.
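The Server, FTP, Database and Mail settings described above are saved as properties of the JConfig class in the site's configuration.php file. The following Python check is an added example, not part of the original tutorial or of Joomla itself: it reads those properties from a constructed sample file and lists the values the text advises against on a live site. The function names and the sample values are illustrative.

```python
import re

# Constructed sample in the layout of a Joomla 3.x configuration.php.
SAMPLE_CONFIG = """<?php
class JConfig {
    public $error_reporting = 'maximum';
    public $force_ssl = '0';
    public $ftp_enable = '1';
    public $dbtype = 'mysql';
    public $mailer = 'smtp';
    public $smtpauth = '1';
    public $smtpsecure = 'none';
    public $smtpport = '25';
}
"""

# Matches lines such as:  public $force_ssl = '0';
PROP = re.compile(r"public\s+\$(\w+)\s*=\s*'([^']*)'\s*;")


def parse_config(text):
    """Return {property: value} for every quoted JConfig property."""
    return dict(PROP.findall(text))


def audit(cfg):
    """Return (setting, reason) pairs for values the text advises against."""
    found = []
    if cfg.get("error_reporting") in ("maximum", "development"):
        found.append(("error_reporting", "verbose errors shown on a live site"))
    # force_ssl: 0 = None, 1 = Administrator Only, 2 = Entire Site
    if cfg.get("force_ssl", "0") == "0":
        found.append(("force_ssl", "logins are not forced onto https://"))
    if cfg.get("ftp_enable") == "1":
        found.append(("ftp_enable", "FTP layer on; FTP logins travel unencrypted"))
    if cfg.get("dbtype") == "mysql":
        found.append(("dbtype", "MySQLi is the recommended driver"))
    if (cfg.get("mailer") == "smtp" and cfg.get("smtpauth") == "1"
            and cfg.get("smtpsecure", "none") == "none"):
        found.append(("smtpsecure", "SMTP login is sent without SSL/TLS"))
    return found


if __name__ == "__main__":
    for setting, reason in audit(parse_config(SAMPLE_CONFIG)):
        print(f"{setting}: {reason}")
```
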
Permission Settings

Diagram 6

NOTE: Before making any changes, do read Notes 1 & 2 written at the bottom of the Permission Settings page. Notes 1 & 2 contain the following information.

1. If you change the setting, it will apply to this and all child groups, components and content. Please note that:
Inherited means that the permissions from the parent group will be used.
Denied means that no matter what the parent group's setting is, the group being edited cannot take this action.
Allowed means that the group being edited will be able to take this action (but if this is in conflict with the parent group it will have no impact; a conflict will be indicated by Not Allowed (Locked) under Calculated Settings).
Not Set is used only for the Public group in global configuration. The Public group is the parent of all other groups. If a permission is not set, it is treated as deny but can be changed for child groups, components, categories and items.

2. If you select a new setting, click Save to refresh the calculated settings.

NOTE: It is a good idea that none of the Permission Settings are changed by anyone during the website create / test phase. The Joomla default settings are normally pretty effective in controlling access to all website information even after the website goes live. If these settings have to be changed, the changes should be made by someone who is a Joomla professional and knows exactly what they are doing.
Text Filter Settings

Diagram 7

Joomla websites are dynamic and permit / encourage site visitors to engage with the website owner in many different ways. One way is by having the site visitor fill in an HTML form delivered via a Joomla web page. Once the site visitor fills in the form and clicks a Submit button, the information entered into the form is returned and stored in a database table on the Joomla website.

While this is great for interactivity between site visitor and site owner, it is also a technique that hackers use to deliver rogue data into a Joomla website. Once this is done (i.e. their rogue data gets stored in Joomla's database tables), they have techniques via which they can activate this rogue data and hack into and take over the Joomla website.

Since the Joomla core team is aware that this happens, they have provided Text Filter Settings at the Joomla Global Configuration level. Using the Text Filter Settings, a website owner has definite control over exactly what information can be entered by site visitors into all forms delivered by the Joomla website. Thus the website owner can filter / control the insertion of rogue data into Joomla's database tables.

As website owner, one can be as strict or as liberal as required via the Text Filter Settings when accepting input from different content providers, to suit the website's needs. Text filtering is opt-in. The default settings made at the time of Joomla installation actually provide pretty good protection against the rogue HTML code commonly associated with malicious website attacks.
There are five filter types:

1. Default Black List: These are HTML tags and attributes that have been built into the Joomla CMS core. When Default Black List is chosen in the drop-down list box adjacent to the Filter Group prompt, this prevents any Joomla delivered form from accepting any of the HTML tags and attributes entered in the Default Black List.
Tags for the Default Black List include: applet, body, bgsound, base, basefont, embed, frame, ilayer, layer, link, meta, name, object, script, style, title, xml
Attributes for the Default Black List include: action, background, codebase, dynsrc, lowsrc

2. Custom Black List: When Custom Black List is chosen in the drop-down list box adjacent to the Filter Group prompt, all the HTML tags entered into the text box beneath the label Filter Tags and all the HTML attributes entered into the text box beneath the label Filter Attributes override the Default Black List.

3. White List: When White List is chosen in the drop-down list box adjacent to the Filter Group prompt, this accepts only all the HTML tags entered into the text box beneath the label Filter Tags and all the HTML attributes entered into the text box beneath the label Filter Attributes.

4. No HTML: When No HTML is chosen in the drop-down list box adjacent to the Filter Group prompt, this strips all HTML tags and their attributes submitted via any / all Joomla forms delivered via the Joomla website.

5. No Filtering: When No Filtering is chosen in the drop-down list box adjacent to the Filter Group prompt, this ensures that Joomla will apply no HTML tag or HTML attribute text filtering to any of the content submitted to the Joomla website via any / all of the forms delivered by the Joomla website.

NOTE: Do register that Text Filtering is applied to various Joomla groups, either internal to the Joomla CMS or defined additionally by the website owner when necessary.
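The five filter types above, modelled as an added example that is not part of the original tutorial and is not Joomla's own filtering code: a simplified Python filter applied to one constructed form input, so the output of each Filter Group setting can be compared side by side. The class name, function name, mode names and sample input are illustrative.

```python
from html import escape
from html.parser import HTMLParser

# Lists as given for the Default Black List in the text above.
BLACK_TAGS = {"applet", "body", "bgsound", "base", "basefont", "embed", "frame",
              "ilayer", "layer", "link", "meta", "name", "object", "script",
              "style", "title", "xml"}
BLACK_ATTRS = {"action", "background", "codebase", "dynsrc", "lowsrc"}


class TextFilter(HTMLParser):
    """Simplified model of one Filter Group setting; not Joomla's own filter."""

    def __init__(self, mode, tags=(), attrs=()):
        super().__init__(convert_charrefs=True)
        self.mode, self.tags, self.attrs = mode, set(tags), set(attrs)
        self.out = []

    def _allowed(self, name, listed):
        if self.mode == "no_html":
            return False
        in_list = name in listed
        return in_list if self.mode == "white_list" else not in_list

    def handle_starttag(self, tag, attrs):
        if not self._allowed(tag, self.tags):
            return                      # tag removed, the text inside it is kept
        kept = [(k, v or "") for k, v in attrs if self._allowed(k, self.attrs)]
        pairs = "".join(f' {k}="{escape(v)}"' for k, v in kept)
        self.out.append(f"<{tag}{pairs}>")

    def handle_endtag(self, tag):
        if self._allowed(tag, self.tags):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def apply_filter(text, mode, tags=(), attrs=()):
    """mode: black_list, white_list, no_html or no_filtering."""
    if mode == "no_filtering":
        return text
    parser = TextFilter(mode, tags, attrs)
    parser.feed(text)
    parser.close()
    return "".join(parser.out)


# Constructed form input, not taken from a real site.
SAMPLE = ('<p class="note" background="x.png">Hi <script>track()</script>'
          '<font color="red">there</font></p>')
```

With the black list, the font tag survives because it is not on the list; the white list and No HTML settings remove it, and No Filtering stores the input exactly as submitted.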