[Vtigercrm-developers] Security?
Uma S
uma.s at vtiger.com
Tue Jul 1 08:15:55 GMT 2014
Hi,
Thanks for sharing security holes where we can improve a lot to reduce
chances for hackers. I have created trac
<http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/8117> for same. Please have
a look and update your observation. Will look into this soon.
On Tue, Jul 1, 2014 at 1:13 PM, Zebra Hosting <support at zebrahosting.eu>
wrote:
> Since the CRM is used to store a lot of personal data, I was wondering
> how secure vTiger is and if there are any extra options we could discuss.
>
> Let me start with a few points:
> 1. At the login I don’t see something as simple as brute force protection.
> 2. The standard admin user cannot be changed, it needs another account and
> then needs to be deleted. Using standard admin usernames is bad practice.
> 3. Having the vTiger name and even the version number at the login screen
> makes it very easy for hackers.
> 4. It would be nice to have a black/whitelist to restrict access by IP.
> (yes I know htaccess could be used but I am talking about average users)
> 5. Use the http://www.projecthoneypot.org/ project to ban access at the
> gate for spammers. (Works so very well in Joomla, I don’t need to use
> captchas anymore)
> 6. Big warning in the installer to use https:// to encrypt the
> login screen pw.
> 7. Minimum password length/complexity
>
> Just some thoughts.
>
> Bastiaan Houtkooper
> Zebra Hosting
--
With
Best Regards
Uma.S
Vtiger Team