J3.x

Difference between revisions of "Secured procedure for installing Joomla with a remote database"

From Joomla! Documentation

(Marked this version for translation)
(A few markup changes.)
 
Line 3: Line 3:
 
<translate><!--T:1-->
 
<translate><!--T:1-->
 
Starting with Joomla! 3.7.4 the Joomla! Security Strike Team (JSST) implemented additional security checks in the install application in order to protect your web hosting accounts from being overtaken by a remote attacker.
 
Starting with Joomla! 3.7.4 the Joomla! Security Strike Team (JSST) implemented additional security checks in the install application in order to protect your web hosting accounts from being overtaken by a remote attacker.
In case your database is not on the same server as your website we require an extra check that makes sure you are the owner of the website.</translate>
+
In case your database is not on the same server as your website, we require an extra check to verify that you are the owner of the website.</translate>
  
 
<translate>
 
<translate>
==Who is affected?== <!--T:2-->
+
==Who is Affected?== <!--T:2-->
 
</translate>
 
</translate>
  
 
<translate><!--T:3-->
 
<translate><!--T:3-->
As this is a security issue in the installer application '''only new installations''' (or not yet installed) of Joomla are affected.
+
As this is a security issue in the installer application, '''only new installations''' of Joomla are affected.
If you want to do a new install by using “localhost” as database server '''nothing changes'''.</translate>
+
If you want to do a new install using ''localhost'' as the database server, '''nothing changes'''.</translate>
  
 
<translate>
 
<translate>
==How to fix== <!--T:4-->
+
==How to Fix== <!--T:4-->
</translate>  
+
</translate>
  
<translate><!--T:5--> If you want to install 3.7.4 and want to use a remote database server we require you to delete a file in the installation folder that was randomly created by the installer. As this filename is unique to your session we are sure you just deleted the file and we can finish installing as normal.</translate>
+
<translate><!--T:5--> If you want to install 3.7.4 and want to use a remote database server, we require you to delete a file in the installation folder that was randomly created by the installer. This filename is unique to your session so we are sure you just deleted the file and we can finish installing as normal.</translate>
  
<translate><!--T:6--> A special case is the “FTP mode”. In that case Joomla is not able to create files. So we require you to create a file in the installation folder in order to confirm that you are the website owner.</translate>
+
<translate><!--T:6--> A special case is the ''FTP mode''. In that case Joomla is not able to create files. We require you to create a file in the installation folder to confirm that you are the website owner.</translate>
  
 
<translate><!--T:7--> In both cases, the file name will be displayed in a message on your screen with instructions on how to validate the installation.</translate>
 
<translate><!--T:7--> In both cases, the file name will be displayed in a message on your screen with instructions on how to validate the installation.</translate>
  
<translate><!--T:8--> If you are running in a trusted environment (such as a docker container) then you can also set the environment variable <code> JOOMLA_INSTALLATION_DISABLE_LOCALHOST_CHECK</code> to value 1 in the container, which will skip this check</translate>
+
<translate><!--T:8--> If you are running in a trusted environment (such as a docker container), you can also set the environment variable ''JOOMLA_INSTALLATION_DISABLE_LOCALHOST_CHECK'' to a value of ''1'' in the container, which will skip this check.</translate>
 
 
  
 
__NOTOC__
 
__NOTOC__
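
Review bot: in the T:8 paragraph, the environment variable name JOOMLA_INSTALLATION_DISABLE_LOCALHOST_CHECK and the value 1 move from <code> markup to italics. Both are literals the reader has to copy exactly, so I would keep <code> for them (and drop the leading space inside the old tag) rather than switch to emphasis. Separately, the T:3 line drops "(or not yet installed)", which is a wording change rather than one of the "markup changes" the edit summary mentions. If the removal is intended, it belongs in the summary.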

Latest revision as of 21:43, 6 November 2022


Starting with Joomla! 3.7.4, the Joomla! Security Strike Team (JSST) implemented additional security checks in the installation application to protect your web hosting account from being taken over by a remote attacker. If your database is not on the same server as your website, we require an extra check to verify that you are the owner of the website.

Who is Affected?

As this is a security issue in the installer application, only new installations of Joomla are affected. If you want to do a new install using localhost as the database server, nothing changes.

How to Fix

If you want to install 3.7.4 and use a remote database server, we require you to delete a file in the installation folder that was randomly created by the installer. Because this file name is unique to your session, deleting it shows us that you are the one who removed the file, and the installation can finish as normal.

A special case is the FTP mode. In that case Joomla is not able to create files. We require you to create a file in the installation folder to confirm that you are the website owner.

In both cases, the file name will be displayed in a message on your screen with instructions on how to validate the installation.

If you are running in a trusted environment (such as a Docker container), you can also set the environment variable JOOMLA_INSTALLATION_DISABLE_LOCALHOST_CHECK to a value of 1 in the container, which will skip this check.
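
The check described above, sketched as an added example (this is not Joomla's installer code). The file-name scheme, the set of host names treated as local and the session dictionary are assumptions; only the environment variable name and the value 1 come from this page.

```python
import os
import secrets
from pathlib import Path

# Assumption: host names treated as "same server" (the page only names localhost).
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Variable name taken from this page.
BYPASS_ENV = "JOOMLA_INSTALLATION_DISABLE_LOCALHOST_CHECK"


def needs_ownership_check(db_host, env=os.environ):
    """A remote database host triggers the check unless the bypass is set to 1."""
    if env.get(BYPASS_ENV) == "1":
        return False
    return db_host.strip().lower() not in LOCAL_HOSTS


def issue_challenge(install_dir, session, ftp_mode=False):
    """Pick an unguessable file name and bind it to this installer session."""
    # Hypothetical naming scheme; 80 bits from a CSPRNG so it cannot be guessed.
    name = "_verify_" + secrets.token_hex(10) + ".txt"
    session["challenge"] = {"name": name, "ftp_mode": ftp_mode}
    if not ftp_mode:
        # Normal mode: the installer creates the file, the owner must delete it.
        (Path(install_dir) / name).write_text("delete this file to continue\n")
    return name


def challenge_passed(install_dir, session):
    """True once the owner has acted on the file named in this session."""
    challenge = session.get("challenge")
    if challenge is None:
        return False  # nothing was issued in this session, so nothing is proven
    exists = (Path(install_dir) / challenge["name"]).is_file()
    # FTP mode: the owner must have created the file; otherwise, deleted it.
    return exists if challenge["ftp_mode"] else not exists
```

The name is stored server-side in the session, so a request from a different session cannot claim a challenge it was never shown.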