Difference between revisions of "Security Checklist/Getting Started/zh-tw"

From Joomla! Documentation

< Security Checklist
(Created page with "並非所有的技巧都是適用於各種技術水準的操作者。您可以先操作您能了解的項目,再進一步閱讀更進階,您尚未熟練的技巧。")
(Created page with "'''及早備份,經常備份:'''設定(以及使用及測試)經常性備份以及還原流程。完善之後,可以確保您還原幾乎是任何可以想像的災難。")
(4 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
=== 安全很重要 ===
 
=== 安全很重要 ===
  
:網路安全是一個快速變遷的挑戰,或者說是威脅。沒有一個標準答案來應付所有的網站,and all security methods are subject to instant obsolescence, incremental improvement, and constant revision. All public facing websites are open to constant attack. Are you willing and able to invest the time it takes to administer a dynamic, 24x7, world-accessible, database-driven, interactive, user-authenticated website? Do you have the time and resources to respond to the constant flow of new Internet security issues? The [[Top 10 Stupidest Administrator Tricks]] is a comic/tragic look at what can go wrong. Don't learn these tricks the hard way! Depending on your own experience, reading the ''Stupidest Tricks'' will either make you laugh or cry. Luckily, there are some well-established principles upon which to base your defensive plans. The following checklists point you toward current best practices for Joomla security.
+
:網路安全是一個快速變遷的挑戰,或者說是威脅。沒有一個標準答案來應付所有的網站,任何一種安全設置都可能在一瞬間變得過時,或是需要變更來增強、持續修改。所有對外公開的網站,都會是駭客持續攻擊的目標。您是否願意,並可以投資時間?Are you willing and able to invest the time it takes to administer a dynamic, 24x7, world-accessible, database-driven, interactive, user-authenticated website? 您是否有時間以及資源,來對最新的網站安全議題做出回應?以下的 [[S:MyLanguage/Top 10 Stupidest Administrator Tricks|Top 10 愚蠢的系統管理員撇步]] 是一份搞笑/淒慘的視角來說明哪些行為是錯誤的。別效法這些撇步!依據您的經驗,可以閱讀裡頭的 ''最愚蠢撇步'',來引發您的笑聲,或哭聲。幸運的是,這些內容是建立於真正重要的原則,也可以作為您防禦計畫的基石。以下的核對清單會指引您最佳的 Joomla! 安全性實踐。
  
 
=== 要如何閱讀這些文件 ===
 
=== 要如何閱讀這些文件 ===
 
# 並非所有的技巧都是適用於各種技術水準的操作者。您可以先操作您能了解的項目,再進一步閱讀更進階,您尚未熟練的技巧。
 
# 並非所有的技巧都是適用於各種技術水準的操作者。您可以先操作您能了解的項目,再進一步閱讀更進階,您尚未熟練的技巧。
# Not all techniques are appropriate for every server. If you use a shared server, you must depend on the settings established by your hosting provider. If you are using a virtual or dedicated server, you can apply more creative security tactics.
+
# 並非所有的技術都適用於所有的伺服器。如果您使用共享主機,您應該要依照您的寄存服務提供,來完成設定;如果您使用虛擬或是實體伺服器,您可以套用儘可能最多的安全策略。
# Not all security tactics are appropriate for all versions of Joomla. Where a technique applies to only one version it is noted by one of the following icons: {{JVer/multi|1.0,1.5,1.6,1.7,2.5,3.0,3.1}}
+
# 並非所有的策略都適用於所有版本的 Joomla!。僅適用於特定版本 Joomla的策略,會在前面標記圖示: {{JVer/multi|1.0,1.5,1.6,1.7,2.5,3.0,3.1}}
  
 
=== 最重要的指南 ===
 
=== 最重要的指南 ===
:These checklists are long and growing because the full plot is thick, complex, and expanding, but don't despair! Here are a few essential guidelines for securing any website. Following them will protect you from most catastrophes.
+
:這些核對清單很長,而且一直成長,因為整個架構很大、很複雜而且一直延展中,但先別氣餒。這裡有些最重要的安全性指引,是適用於所有網站的。請讓它們保護您免於重大災難。
  
# '''Back up early and often:''' Set up (and use and test) a regular backup and recovery process. When done well, this ensures that you can recover from almost any imaginable disaster.
+
# '''及早備份,經常備份:'''設定(以及使用及測試)經常性備份以及還原流程。完善之後,可以確保您還原幾乎是任何可以想像的災難。
 
# '''Update early and often:''' Promptly update to the latest ''stable'' version of Joomla! and any installed third-party extensions. This ensures that your site is protected from the newest vulnerabilities as soon as a fix is released and from the latest attack methods as soon as a defense is developed.
 
# '''Update early and often:''' Promptly update to the latest ''stable'' version of Joomla! and any installed third-party extensions. This ensures that your site is protected from the newest vulnerabilities as soon as a fix is released and from the latest attack methods as soon as a defense is developed.
 
# '''Use a secure host''': Use a high-quality Web host. Do not be fooled by offers of 'unlimited bandwidth, unlimited hard drive space, unlimited databases, etc.
 
# '''Use a secure host''': Use a high-quality Web host. Do not be fooled by offers of 'unlimited bandwidth, unlimited hard drive space, unlimited databases, etc.

Revision as of 00:20, 13 January 2021

Other languages:
Deutsch • ‎English • ‎中文(台灣)‎
Security Checklist Joomla CMS
Articles in this series

安全很重要

網路安全是一個快速變遷的挑戰,或者說是威脅。沒有一個標準答案來應付所有的網站,任何一種安全設置都可能在一瞬間變得過時,或是需要變更來增強、持續修改。所有對外公開的網站,都會是駭客持續攻擊的目標。您是否願意,並可以投資時間?Are you willing and able to invest the time it takes to administer a dynamic, 24x7, world-accessible, database-driven, interactive, user-authenticated website? 您是否有時間以及資源,來對最新的網站安全議題做出回應?以下的 Top 10 愚蠢的系統管理員撇步 是一份搞笑/淒慘的視角來說明哪些行為是錯誤的。別效法這些撇步!依據您的經驗,可以閱讀裡頭的 最愚蠢撇步,來引發您的笑聲,或哭聲。幸運的是,這些內容是建立於真正重要的原則,也可以作為您防禦計畫的基石。以下的核對清單會指引您最佳的 Joomla! 安全性實踐。

要如何閱讀這些文件

  1. 並非所有的技巧都是適用於各種技術水準的操作者。您可以先操作您能了解的項目,再進一步閱讀更進階,您尚未熟練的技巧。
  2. 並非所有的技術都適用於所有的伺服器。如果您使用共享主機,您應該要依照您的寄存服務提供,來完成設定;如果您使用虛擬或是實體伺服器,您可以套用儘可能最多的安全策略。
  3. 並非所有的策略都適用於所有版本的 Joomla!。僅適用於特定版本 Joomla的策略,會在前面標記圖示:  Joomla 1.0 Joomla 1.5 Joomla 1.6 Joomla 1.7 Joomla 2.5 Joomla 3.0 Joomla 3.1

最重要的指南

這些核對清單很長,而且一直成長,因為整個架構很大、很複雜而且一直延展中,但先別氣餒。這裡有些最重要的安全性指引,是適用於所有網站的。請讓它們保護您免於重大災難。
  1. 及早備份,經常備份:設定(以及使用及測試)經常性備份以及還原流程。完善之後,可以確保您還原幾乎是任何可以想像的災難。
  2. Update early and often: Promptly update to the latest stable version of Joomla! and any installed third-party extensions. This ensures that your site is protected from the newest vulnerabilities as soon as a fix is released and from the latest attack methods as soon as a defense is developed.
  3. Use a secure host: Use a high-quality Web host. Do not be fooled by offers of 'unlimited bandwidth, unlimited hard drive space, unlimited databases, etc.
  4. Use the community: Don't forget the truism, "If a deal is too good to be true, it is." It seems that nothing on Earth is unlimited--except perhaps the gullibility of fools and the greed of those who prey upon them. Consider hiring professional assistance if you have inadequate experience or knowledge in this area. One of the advantages of GNU software is that user support is free. Take good advantage of this by asking good questions within the Joomla! Forums. When doing so, be sure to use the the most appropriate board, such as Installation, Migration and Updating, Administration.


The most helpful posts in the Joomla! Security Forum are converted into Security and Performance FAQs. Many of the items on this list are explained in much greater detail in the FAQs.


You may want to read the excellent Absolute Beginners Guide to Joomla! It has wealth of tips and tricks presented in an easy to understand format. Even experienced Joomlaists find great ideas here.


Hunt down the many nuggets of wisdom found in the Joomla! Forums, in particular the Joomla! 3.x Security Forum and the Joomla! 2.x Security Forum.


To receive all Joomla security announcements, subscribe to Joomla Security News. There are several ways to subscribe:
  1. Automatic Email Notification
  2. RSS feed.

壞消息

  1. There is no perfect security on the Web! As economists would say, "There's no free lunch." Don't be fooled by Joomla's award winning ease-of-use. Maintaining a secure Web site on the open Internet is not easy. Maintaining adequate security requires a wide and ever-growing range of skills and knowledge, constant watchfulness, and a robust backup and recovery process.
  2. There's no one right way! Due to the variety and complexity of modern web systems, security issues can't be resolved with simple, one-size-fits-all solutions. You (or someone you trust) must learn enough about your server infrastructure to make valid security decisions. Strong security is a moving target. Today's expert might be tomorrow's victim. Welcome to the game...
  3. There's no substitute for experience! To secure your Web site, you must gain real experience (some of which will be bitter), or get experienced help from others. If you haven't invested the considerable time it takes to learn how to maintain a secure Web site, be sure you can consult with someone who has. Read this tongue-in-cheek description of the Top 10 Stupidest Administrator Tricks which illustrates typical, blow-by-blow examples of how to learn Web security the hard way.

好消息

  1. Even a beginner can start at the head of the herd User forums for many systems are clogged with Help! I've been hacked posts by people who did NOT follow standard security practices. If you are studying this checklist before your site is attacked, congratulations, you're already ahead of the herd.
  2. It's not as hard as it looks If this is one of your first websites, security issues may seem overwhelming, but you don't have to deal with all of them at once. Start with the most critical issues. As you become more familiar with GNU tools and techniques, including GNU/Linux, Apache, MySQL, SQL, PHP, HTTP, CSS, XML, RSS, TCP/IP, FTP, Git, JavaScript, and Joomla!, you'll add refinements to your set of security tactics.
  3. You can get help If you believe your website was attacked, do not simply post an announcement with full details in the Joomla! forums. If you are dealing with a new vulnerability or new form of attack, publishing that information could put other websites at risk. Instead, report possible security vulnerabilities to the Joomla! Security Task Force.
Retrieved from "https://docs.joomla.org/index.php?title=Security_Checklist/Getting_Started/zh-tw&oldid=778177"