Installation"

This website contains links to software which is either no longer maintained or will be supported only until the end of 2019 (CKFinder 2). For the latest documentation about current CKSource projects, including software like CKEditor 4/CKEditor 5, CKFinder 3, Cloud Services, Letters, Accessibility Checker, please visit the new documentation website.

If you look for an information about very old versions of CKEditor, FCKeditor and CKFinder check also the CKEditor forum, which was closed in 2015. If not, please head to StackOverflow for support.

Line 10: Line 10:
 
== Security Tips ==
 
== Security Tips ==
  
* On IIS, you may set "Execute Permissions" to "none" in the properties of the user files folder (created in step 2).
+
* In IIS, you may set '''Execute Permissions''' to "'''none'''" in the properties of the user files folder (the folder created in the above step 2).
* The ckfinder.config file contains many important security settings. Be sure you have reviewed and understood all of them.
+
* The '''config.ascx''' file contains many '''important security settings'''. Be sure you have reviewed and understood all of them.
 +
* Implement a '''full authentication''' solution in the '''CheckAuthentication() function''', based on session variables for example. Do not simply "return true" from it as it will make it possible to any user to upload and delete files in your server, including anonymous users.

Revision as of 11:39, 11 January 2008

Installation Instructions

  1. Copy the distribution files to your web server inside the /ckfinder/ folder or any other folder in your web site.
  2. Create a folder in the server to hold all uploaded files. By default, CKFinder is configured to use the /ckfinder/userfiles/ folder in your web site.
  3. Make the above user files folder writable by the internet user. On Windows, give write permissions to the IUSR_<ServerName> user.
  4. Edit the config.ascx file. Be sure you have correctly set all settings in that file, and that you have enabled CKFinder on it. See Configuration for more information.

You should be ready to go. Just browse _samples/aspx/standalone.aspx to test and see CKFinder in action.

Security Tips

  • In IIS, you may set Execute Permissions to "none" in the properties of the user files folder (the folder created in the above step 2).
  • The config.ascx file contains many important security settings. Be sure you have reviewed and understood all of them.
  • Implement a full authentication solution in the CheckAuthentication() function, based on session variables for example. Do not simply "return true" from it as it will make it possible to any user to upload and delete files in your server, including anonymous users.