Movable Type Security

From MovableType

A guide to securing Movable Type.

Overview

Movable Type has a long history and reputation for being a secure web application.

Security in Movable Type

  • Movable Type employs time-sensitive tokens for all form submissions, to prevent an attacker from replaying captured requests and to limit the damage from any XSS vulnerability that might be exploited.

Our Process

  • When security issues are found in Movable Type the product team takes them very seriously. We drop everything we are working on to begin the process of verifying and reproducing the issue. If the issue is reproducible we begin the process of releasing a patch.
  • We monitor all of our systems for security breaches 24 hours a day and have operations personnel on site 24 hours a day, 7 days a week to respond to any anomalous behavior of our system.
  • We architect our network so that traffic of each type is routed to systems that have access only to what they need.

Patch History

Many users and customers ask about the frequency of security patches. Historically Movable Type has made only a handful of security-focused releases per year. Statistically these releases fix relatively minor issues and are not always considered "mandatory upgrades".

Hardening Your System

General Tips

  • Keep your system up to date with the latest versions of your software
  • Turn off insecure protocols, and services you are not using
    • Turn off FTP!

Your Database

  • Place your database on a different machine than Movable Type. Do not give the outside world direct access to this machine.
  • Restrict user rights on your database to allow users to access only what they need to.
  • Don't forget to change all your default passwords (e.g. MySQL by default has no root password)

Apache

  • Map the Movable Type CGI scripts with Apache's ScriptAlias directive rather than placing the application under the DocumentRoot, and place only mt-static in a web-accessible location
  • Use Apache's Options directive conservatively: enable only the options a directory actually needs
  • Use and require HTTPS for access to the Movable Type application. Do not permit passwords to be sent in the clear.
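The following script is an added example (not part of the Movable Type wiki page) that turns the three Apache points above into a coarse text check over a vhost config. It carries two constructed configs, a weak one and a hardened one, so the difference is visible side by side; the paths (/opt/mt), host name (blog.example.com) and URL prefixes are assumptions for the example.

```shell
#!/bin/sh
# Added example, not part of the Movable Type wiki page. A coarse text audit of
# an Apache vhost config against the three points above. The paths /opt/mt,
# the host blog.example.com and the URL prefixes are constructed for the example.
set -eu

# Constructed "before" config: MT aliased straight into the URL space,
# directory listings and CGI execution enabled everywhere, plain HTTP only.
weak_conf() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName blog.example.com
    DocumentRoot /var/www/html
    Alias /mt/ /opt/mt/
    <Directory /opt/mt>
        Options All
        AddHandler cgi-script .cgi
    </Directory>
</VirtualHost>
EOF
}

# Constructed "after" config: CGI scripts reached only through ScriptAlias,
# only mt-static exposed as plain files with listings off, HTTP redirected to HTTPS.
hardened_conf() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName blog.example.com
    Redirect permanent / https://blog.example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName blog.example.com
    SSLEngine on
    ScriptAlias /cgi-bin/mt/ /opt/mt/
    Alias /mt-static/ /opt/mt/mt-static/
    <Directory /opt/mt/mt-static>
        Options -Indexes -ExecCGI
        Require all granted
    </Directory>
</VirtualHost>
EOF
}

# Print one line per finding for the config file given as $1.
# Plain grep over a single file: Include'd files are not followed.
audit_conf() {
    f=$1
    # 1. CGI scripts should be mapped with ScriptAlias, not served from an Alias.
    grep -qiE '^[[:space:]]*ScriptAlias[[:space:]]' "$f" ||
        echo "no ScriptAlias: MT CGI directory is not mapped as a script directory"
    # 2. Options that turn on directory listings or CGI execution for the tree.
    #    Flags "All", "Indexes", "+Indexes", "ExecCGI"; "-Indexes" is not flagged.
    grep -qiE '^[[:space:]]*Options([[:space:]]+[^#]*)?[[:space:]+](All|Indexes|ExecCGI)([[:space:]]|$)' "$f" &&
        echo "permissive Options: All, Indexes or ExecCGI enabled"
    # 3. Passwords must not travel in the clear: expect an SSL-enabled vhost.
    grep -qiE '^[[:space:]]*SSLEngine[[:space:]]+on' "$f" ||
        echo "no SSLEngine on: application is reachable over plain HTTP only"
    return 0
}

# Number of findings for the file given as $1 (0 means all three checks pass).
finding_count() {
    audit_conf "$1" | wc -l | tr -d ' '
}

# Usage: sh audit-mt-apache.sh /etc/apache2/sites-enabled/mt.conf
if [ $# -gt 0 ]; then
    audit_conf "$1"
fi
```

The check is deliberately simple: it greps one file and does not resolve Include directives or per-directory .htaccess files, so treat a clean result as a prompt to review the full effective configuration, not as proof of it.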

Permissions

  • Lock down your file system permissions
    • Make all of the files in the MT distribution non-writable.
  • Open up only what you need to
    • Make mt-static/support writable
    • Make mt-static/themes writable
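As an added example (not part of the Movable Type wiki page), the script below applies the permission rules above to an install rooted at a directory you pass in, then verifies that nothing outside the two allowed directories is still writable. It assumes the distribution files are owned by the account the web server runs the CGI scripts as, so restoring the owner write bit is enough for mt-static/support and mt-static/themes; if your server uses a separate group, substitute a chgrp plus g+w for the u+w step.

```shell
#!/bin/sh
# Added example, not part of the Movable Type wiki page. Applies the permission
# rules above to an MT install rooted at the directory given as $1. It assumes
# the files are owned by the account the web server runs the CGI scripts as,
# so re-opening the owner write bit is enough for the two writable directories.
set -eu

# Directories Movable Type must be able to write to.
MT_WRITABLE_DIRS="mt-static/support mt-static/themes"

# Make the whole distribution read-only, then re-open only the writable dirs.
harden_mt_perms() {
    mt_dir=$1
    for d in $MT_WRITABLE_DIRS; do
        mkdir -p "$mt_dir/$d"      # create before the tree is made read-only
    done
    chmod -R a-w "$mt_dir"         # no write bit for owner, group or others
    for d in $MT_WRITABLE_DIRS; do
        chmod -R u+w "$mt_dir/$d"  # owner (the CGI account, by assumption) may write
    done
}

# Verification: list every path under $1 that still carries a write bit,
# skipping the two directories that are allowed to be writable.
# Prints nothing when the tree is locked down as intended.
unexpected_writable() {
    mt_dir=$1
    find "$mt_dir" \
        \( -path "$mt_dir/mt-static/support" -o -path "$mt_dir/mt-static/themes" \) -prune \
        -o \( -perm -0200 -o -perm -0020 -o -perm -0002 \) -print
}

# Usage: sh harden-mt-perms.sh /opt/mt   (the path is an example value)
if [ $# -gt 0 ]; then
    harden_mt_perms "$1"
    if [ -n "$(unexpected_writable "$1")" ]; then
        echo "still writable outside mt-static/support and mt-static/themes:" >&2
        unexpected_writable "$1" >&2
        exit 1
    fi
fi
```

Run the verification function again after any upgrade or plugin install: those steps typically need the tree writable for a moment, and the second call shows whether the write bits were taken away again.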

Case Studies

These are user-contributed case studies describing how their authors installed Movable Type in particular security settings. The case studies are presented as-is and are meant only as an account of one user's experience. Following a particular case study in no way guarantees that you will arrive at a secure installation of Movable Type. However, it is hoped that the case studies will provide you with information that will help you create your own secure installation. Please feel free to add your own case studies to this list: