Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.
Please keep in mind:
Is there a way to reinstall chevereto without losing the website data to modify the Crypt salt special code?If you modify the salt all the old content URLs will stop working. The salt controls how the public ids are encoded, is just the token used to don't have the same encoded ids in different installs.
The salt is not intended to be customizable.
chv_settings.crypt_salt
Because the virtual host directory where I stored the Chevereto program may be implanted with backdoor code, etc., I am afraid, so I want to modify the features of the currently installed Chevereto program, such as Crypt salt, and download and install Chevereto again. Program, I think I'm particularly scared. Can you give me some suggestions? Also I don't want to clean and remove the backdoor code without losing the current data.I don't understand why you have the urge to change this value. I will just describe how it works and I hope that it helps you to achieve what you are trying to do.
The crypt salt is designed to convert int values like 12345 into KfN or LmnI, or K4w, hfN4df, etc. It is used internally to encode/decode the public ID values by providing a random+unique factor. The salt is designed to provide unique public ids for your installation, which makes significantly harder to attempt cheap attacks on content enumeration.
For the system itself, a change in the salt won't break anything. This is because the salt applies globally, the system is not affected by its change. However, any external link on public IDs (images/<id>, album/<id>) will stop working, because these links are reflecting IDs generated with another salt.
If you don't care about the external links then go ahead and change it. Assuming your DB table prexif is "chv_", the value to change in your database is atchv_settings.crypt_salt
Ok i will do it.I'm afraid that altering the crypt_salt won't make your installation safer. This is because the crypt_salt is used only for ids, everything else uses time based ciphers so passwords can't be cracked by knowing the crypt_salt.
If you concern about the system integrity, I suggest you to do a code compare in the entire folder. Simply compare yours with the stock installation using software like Beyond Compare (there are many more).
As for the DB, check that there aren't unwanted admin users in the chv_users table. You should also remove all cookie logins at chv_logins.
There are dozen more measures that you can do, but at this time I recommend you to analyze your website backup in local and proceed from there.
Can you elaborate on that? Is Plesk telling you that the system is insecure?It keeps reminding me that installing Chevereto's website is risky.
I don't think you need to worry about the Chevereto software.I use the Plesk web hosting management panel. It keeps reminding me that installing Chevereto's website is risky. I worry about important data files being hacked.
No, Chevereto is safe.Can you elaborate on that? Is Plesk telling you that the system is insecure?