We’ve made some changes

Some information about a few changes we’ve made today

Good very early morning all, we’ve made some changes to our website and server in the interest of security. As a result of these changes, all users will need to sign in again, but no user account data has been affected. Here’s a list of the changes we’ve made:

  • We’ve restricted access to some import files for our Content Management System (CMS) to prevent assailants from accessing sensitive settings and more
  • We’ve changed some of the roles in our website to be more finely controlled, and thus secure
  • We’ve removed the “Server Information” page along with some other custom pages and files, which will allow our CMS and it’s built-in security features to manage the entire website automatically. We will replace the server info page with a CMS-friendly version soon
  • We’ve made some changes to the website’s database, which will enhance security. Due to the sensitive info in the database we can’t detail these – these changes didn’t affect any data
  • We’ve moved some important and sensitive configuration files out of the server’s public-accessible folder using some filesystem and permissions trickery
  • We’ve changed the SALTs used by our website to secure cookies, which will result in users needing to sign back in

We’ve also made some changes not related to security, which are listed here:

  • We’ve disabled web caching, which was preventing some people from receiving up-to date versions of our pages when we updated existing pages, until the cache expired and refreshed, which was typically between 6 and 12 hours
  • We’ve altered the privacy configuration of our store page – failed or cancelled orders will now be erased completely after 7 days, if not recovered by the customer and completed orders will be anonymised after 1 year, unless the user requests anonymisation before this deadline
  • We’ve added support for secure digital downloads, the reason for which will become clear shortly 😉
  • We’ve also added the ability for us to publish our Project FUJI source code and download packages via pages or posts on this website, if we’re so inclined

Thanks for reading! We’ll update you again soon on our ongoing improvements!

Leave a Reply