FOR ARCHIVAL PURPOSES ONLY

The information in this wiki hasn't been maintained for a good while. Some of the projects described have since been deprecated.

In particular, the "Ushahidi Platform v3.x" section contains information that is often misleading. Many details about this version of Platform have changed since.

This website is an extraction of the original Ushahidi wiki into a static form. Because of that, functions like logging in, commenting or searching will not work.

For more documentation, please refer to https://docs.ushahidi.com

This guide is based on recommendations for deploying Kohana to production: http://docs.kohanaphp.com/installation/deployment

  • Set your encryption key
    • Edit application/config/encryption.php and change the following line:

      $config['default']['key'] = 'USHAHIDI-INSECURE';

      For best security, your encryption key should be at least 16 characters long and contain letters, numbers, and symbols.
      (Do not use a hash as your key. This significantly lowers encryption entropy.)
  • Set your cookie domain - this restricts cookies to being accessed only by your domain
    • Edit application/config/cookie.php and change the following line to your domain name (without the www):

      $config['domain'] = '';

      Example:

      $config['domain'] = 'mymap.com';
  • Enable HTTPS / SSL
    • Purchase a valid SSL certificate (many hosting companies can do this for you, or try a major provider like verisign.com)
      • You need a valid certificate, not a self-signed cert, or your users will get a big scary warning the first time they access your site.
    • Install the SSL certificate on your server (again - many hosting companies can do this for you)
      There are many guides online for how to install SSL certificates, and companies that sell certificates often provide install instructions.
    • Set site protocol to https
      Edit application/config/config.php and change the following line:

      $config['site_protocol'] = 'http';

      to

      $config['site_protocol'] = 'https';

    • Set SECURE flag on cookies - this restricts cookies to only be accessed over SSL.
      Edit application/config/cookie.php and change the following line:

      $config['secure'] = FALSE;

      to

      $config['secure'] = TRUE;

  • Delete the installer
    • The installer is a potential security vulnerability.
    • While we try our best to make sure it can't be exploited, the installer should be deleted once your deployment is up and running.
    • Delete the entire installer/ directory and its contents.
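
One way to verify the steps above after deployment, as an added example that is not part of the original guide or the Ushahidi code base: this Python script scans the three config files named above for the insecure defaults shown and checks that installer/ is gone. The function names and the sample tree are constructed for illustration, and the parser assumes each setting is a plain `$config[...] = value;` assignment with a quoted string or a bare constant.

```python
import re
import tempfile
from pathlib import Path

# (config file, key regex, insecure default shown in the guide, advice)
CHECKS = [
    ("encryption.php", r"\['default'\]\['key'\]", "'USHAHIDI-INSECURE'", "set a unique key"),
    ("cookie.php", r"\['domain'\]", "''", "set your domain"),
    ("cookie.php", r"\['secure'\]", "FALSE", "set to TRUE"),
    ("config.php", r"\['site_protocol'\]", "'http'", "set to 'https'"),
]
VALUE = r"""\s*=\s*('[^']*'|"[^"]*"|\w+)\s*;"""  # quoted string or bare constant

def read_setting(text, key_regex):
    """Last uncommented `$config[...] = value;` assignment, quotes normalised, or None."""
    hits = re.findall(r"^\s*\$config" + key_regex + VALUE, text, re.M)
    return hits[-1].replace('"', "'") if hits else None

def audit_deployment(root):
    """Return findings for the Ushahidi 2.x tree at `root` (empty list = all checks pass)."""
    root, findings = Path(root), []
    for filename, key_regex, default, advice in CHECKS:
        path = root / "application" / "config" / filename
        value = read_setting(path.read_text(errors="replace"), key_regex) if path.is_file() else None
        if value is None:
            findings.append(f"{filename}: file or setting not found")
        elif value.upper() == default.upper():  # PHP constants are case-insensitive
            findings.append(f"{filename}: still {value}, {advice}")
        elif filename == "encryption.php" and len(value.strip("'")) < 16:
            findings.append(f"{filename}: key shorter than 16 characters")
    if (root / "installer").exists():
        findings.append("installer/: still present, delete it")
    return findings

def write_sample_tree(root, key, domain, secure, protocol, installer):
    """Constructed sample input: the three config files with only the lines the guide names."""
    cfg = Path(root) / "application" / "config"
    cfg.mkdir(parents=True)
    (cfg / "encryption.php").write_text(f"<?php\n$config['default']['key'] = '{key}';\n")
    (cfg / "cookie.php").write_text(f"<?php\n$config['domain'] = '{domain}';\n$config['secure'] = {secure};\n")
    (cfg / "config.php").write_text(f"<?php\n$config['site_protocol'] = '{protocol}';\n")
    if installer:
        (Path(root) / "installer").mkdir()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(tmp, "USHAHIDI-INSECURE", "", "FALSE", "http", installer=True)
        print("\n".join(audit_deployment(tmp)))
```

Point `audit_deployment()` at the web root of a real install; an empty list means every default from this guide has been changed.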

Before you install

  • Change the auth salt pattern (requires version 2.5+)
    WARNING: ONLY DO THIS ON A NEW INSTALLATION. Doing this on an existing installation will prevent all existing users from logging in.
    • Edit application/config/auth.php and change the following line to a different sequence of numbers:

      $config['salt_pattern'] = '3, 5, 6, 10, 24, 26, 35, 36, 37, 40';

      The length of the salt is determined by the number of offsets, so more numbers in the sequence is better.
  • Set your encryption key
    Since Ushahidi 2.5 this is done automatically in the installer.
    • Edit application/config/encryption.php and change the following line:

      $config['default']['key'] = 'USHAHIDI-INSECURE';

      Your encryption key should be at least 16 characters long and contain letters, numbers, and symbols.
      (Do not use a hash as your key. This significantly lowers encryption entropy.)