[Solar-svn] Revision 3253
pmjones at solarphp.com
Sat Jul 26 12:28:19 CDT 2008
add a readme for first-timers
Added: system/README
===================================================================
--- system/README (rev 0)
+++ system/README 2008-07-26 17:28:19 UTC (rev 3253)
@@ -0,0 +1,45 @@
+SECURITY NOTE
+=============
+
+The default system comes with a root `index.php` file. This is provided for
+first time users, who (of course) need quick feedback that the system is
+working, and who are likely to have placed the entire system in the document
+root.
+
+This is a highly insecure technique, provided **only** for quick-start
+purposes. Web clients will be able to browse all the files in the system, not
+just the public ones.
+
+Our **very strong recommendation** is that you delete the root `index.php`
+file, and instead, point your web server document root to `system/docroot/`.
+Setting up a virtual host for this is generally best.
+
+
+Writable Directories
+====================
+
+Be sure to make the `sqlite/` and `tmp/` directories fully-accessible to the
+web server process. The easiest (but least-secure) way to do this is to allow
+all users read/write/execute privileges:
+
+{{code: bash
+ chmod -R 777 sqlite
+ chmod -R 777 tmp
+}}
+
+Alternatively, as a more-secure method, you may wish to `chown` or `chgrp`
+those files to the web server process, and set `chmod 750` on them.
+
+
+Authentication Credentials
+==========================
+
+The default authentication credentials are stored in `config/auth.ini`. They
+are:
+
+ handle: admin
+ passwd: changeme
+
+Please change them immediately. In fact, once you know how, start using
+something other than the `Solar_Auth_Adapter_Ini` class for authentication
+(e.g., using `Solar_Auth_Adapter_Htaccess` is a good next step).
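Review bot: the "more-secure method" in the Writable Directories section does not work as written when `chgrp` is the option chosen: `chmod 750` gives the owner rwx but the group only r-x, so a web server process that merely shares the group cannot write to `sqlite/` or `tmp/`. Either state that the directories must be `chown`ed to the web server user for 750 to be sufficient, or give the group-based variant its own mode (e.g. `chmod 770`), so readers who follow the safer path do not end up with an unwritable SQLite directory and fall back to the `chmod -R 777` example above it. It would also help to say in the Authentication Credentials section that `config/auth.ini` is among the files the SECURITY NOTE describes as browsable when the whole system sits in the document root with the root `index.php`, since that ties the default `admin`/`changeme` credentials directly to the docroot warning.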