[Vtigercrm-developers] Fwd: Security?
Vic Cekvenich
vic.cvc at gmx.com
Sun Aug 17 19:14:41 GMT 2014
-------- Original Message --------
Subject: [Vtigercrm-developers] Security?
Date: Tue, 1 Jul 2014 07:43:55 +0000
From: Zebra Hosting <support at zebrahosting.eu>
Reply-To: vtigercrm-developers at lists.vtigercrm.com
To: vtigercrm-developers at lists.vtigercrm.com <vtigercrm-developers at lists.vtigercrm.com>
Since the CRM is used to store a lot of personal data, I was wondering
how secure vTiger is and if there are any extra options we could discuss.
Let me start with a few points:
1. At the login I don’t see something as simple as brute force protection.
2. The standard admin user cannot be changed, it needs another account
and then needs to be deleted. Using standard admin usernames is bad
practice.
3. Having the vTiger name and even the version number at the login
screen makes it very easy for hackers.
4. It would be nice to have a black/whitelist to restrict access by IP.
(yes, I know htaccess could be used, but I'm talking about average users)
5. Use the http://www.projecthoneypot.org/ project to ban access at the
gate for spammers. (Works so very well in Joomla, I don’t need to use
captchas anymore)
6. Big warning in the installer to use https:// to encrypt the
login screen pw.
7. Minimum password length/complexity
Just some thoughts.
Bastiaan Houtkooper
Zebra Hosting