[Vtigercrm-developers] Security?
Zebra Hosting
support at zebrahosting.eu
Tue Jul 1 07:43:55 GMT 2014
Since the CRM is used to store a lot of personal data, I was wondering how secure vTiger is and if there are any extra options we could discuss.
Let me start with a few points:
1. At the login I don’t see something as simple as brute-force protection.
2. The standard admin user cannot be changed, it needs another account and then needs to be deleted. Using standard admin usernames is bad practice.
3. Having the vTiger name and even the version number at the login screen makes it very easy for hackers.
4. It would be nice to have a black/whitelist to restrict access by IP. (Yes, I know htaccess could be used, but I’m talking about average users.)
5. Use the http://www.projecthoneypot.org/ project to ban access at the gate for spammers. (Works so very well in Joomla; I don’t need to use captchas anymore.)
6. Big warning in the installer to use https:// to encrypt the login screen password.
7. Minimum password length/complexity
Just some thoughts.
Bastiaan Houtkooper
Zebra Hosting
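As an added illustration of points 1 and 4 above (this is not vTiger code and not part of the original post), the sketch below shows the two controls the post asks for at the login gate: a failed-attempt counter per account and per source IP with a temporary lockout, and an allow/deny list of networks. All names, thresholds and the in-memory storage are assumptions for the demo; a real deployment would persist the counters and take the thresholds from configuration.

```python
"""Login gate sketch: failed-attempt lockout plus an IP allow/deny list.
Hypothetical example; thresholds and names are assumptions, state is in memory."""
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 5        # failures tolerated inside the sliding window
WINDOW_SECONDS = 600    # sliding window for counting failures
LOCKOUT_SECONDS = 900   # how long a locked account or IP stays locked


class LoginGate:
    def __init__(self, allow_cidrs=(), deny_cidrs=()):
        self.allow = [ipaddress.ip_network(c) for c in allow_cidrs]
        self.deny = [ipaddress.ip_network(c) for c in deny_cidrs]
        self.failures = defaultdict(deque)   # key -> timestamps of failures
        self.locked_until = {}               # key -> time the lock expires

    def ip_permitted(self, ip):
        """Deny list wins; an empty allow list means any non-denied address."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.deny):
            return False
        return not self.allow or any(addr in net for net in self.allow)

    def _locked(self, key, now):
        return self.locked_until.get(key, 0) > now

    def may_attempt(self, user, ip, now):
        """True if the credentials should even be checked right now."""
        if not self.ip_permitted(ip):
            return False
        return not (self._locked("u:" + user, now) or self._locked("ip:" + ip, now))

    def record(self, user, ip, success, now):
        """Update counters after an attempt; True if this attempt triggered a lockout."""
        if success:
            # Reset only the account counter: a success must not clear the
            # per-IP history, or an attacker could reset it with their own login.
            self.failures["u:" + user].clear()
            return False
        locked = False
        for key in ("u:" + user, "ip:" + ip):
            stamps = self.failures[key]
            stamps.append(now)
            while stamps and stamps[0] <= now - WINDOW_SECONDS:
                stamps.popleft()             # drop failures outside the window
            if len(stamps) >= MAX_FAILURES:
                self.locked_until[key] = now + LOCKOUT_SECONDS
                locked = True
        return locked
```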