The activeCollab application is secure right out of the box, but there are still a couple of things you can do to make your own setup as secure as possible:

1. Install the System Behind the Document Root

Installing the system above the site root ensures that only files from the /public folder are publicly available, while all other files are not accessible on the web. Even though the system encodes file names and comes with .htaccess protection by default for folders with sensitive data (/upload, /thumbnails and others), the very best approach is to have them installed above the site root.

Instructions on how to set up activeCollab in this way are available here: /public Folder as Document Root.

2. Use SSL Encryption

activeCollab is protocol agnostic, so if your server supports SSL and has proper certificates installed, it will work on HTTPS as well as on HTTP. All you need to do is to run the Installer on the proper protocol and it will use the HTTPS URL automatically.

If you have activeCollab already installed on HTTP, and then decide to add a certificate later so it can work over HTTPS, you can change the protocol in the config/config.php file:

define('ROOT_URL', 'http://example.com/public');

All you need to do is use https:// instead of http:// in the ROOT_URL value:

define('ROOT_URL', 'https://example.com/public');

After you have updated ROOT_URL, don't forget to delete the files whose names begin with "cch_" from your /cache folder and the files with "%%" from the /compile folder.
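The HTTP-to-HTTPS switch described above can be scripted so that the config edit and the cache cleanup always happen together. This is an added example, not code shipped with activeCollab; the function names, the .bak backup file and the choice to match any file name containing "%%" in /compile are assumptions.

```shell
#!/bin/sh
# Added example (not part of activeCollab): switch an existing install to HTTPS.
# Usage: ac_switch_to_https /path/to/activecollab   (install path is an assumption)
ac_switch_to_https() {
    root=$1
    cfg="$root/config/config.php"
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }

    # Refuse to edit unless the file has exactly one ROOT_URL define.
    count=$(grep -c "define('ROOT_URL'" "$cfg" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 ROOT_URL define, found $count" >&2; return 1; }

    # Rewrite only the scheme on the ROOT_URL line; keep a backup of the original.
    if grep -q "define('ROOT_URL', *'http://" "$cfg"; then
        cp -p "$cfg" "$cfg.bak" || return 1
        sed "/define('ROOT_URL'/s#'http://#'https://#" "$cfg.bak" > "$cfg"
    fi

    # Confirm the result before clearing anything.
    grep -q "define('ROOT_URL', *'https://" "$cfg" || { echo "ROOT_URL is not https" >&2; return 1; }

    # Remove cached and compiled files that may still embed the old URL.
    if [ -d "$root/cache" ]; then
        find "$root/cache" -maxdepth 1 -type f -name 'cch_*' -exec rm -f {} +
    fi
    if [ -d "$root/compile" ]; then
        # Assumption: "files with %%" means any file name containing "%%".
        find "$root/compile" -maxdepth 1 -type f -name '*%%*' -exec rm -f {} +
    fi
}

# Dry run against a constructed sample install (file names are made up).
ac_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/config" "$d/cache" "$d/compile"
    printf "<?php\ndefine('ROOT_URL', 'http://example.com/public');\n" > "$d/config/config.php"
    : > "$d/cache/cch_settings.php"; : > "$d/compile/%%45^index.tpl.php"
    ac_switch_to_https "$d" && grep ROOT_URL "$d/config/config.php"
    rm -rf "$d"
}
```

The function is idempotent: running it on an install that already uses https:// leaves config.php untouched and only clears the cache files.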

Warning

When you use the system over SSL, browsers will not cache CSS, JavaScript or image files. This may have a significant impact on how quickly pages are loaded. Due to this, we recommend using SSL only when you are working with sensitive data.