[Vtigercrm-developers] vtiger 6.4 : to find active sessions of a user

Błażej Pabiszczak b.pabiszczak at yetiforce.com
Tue Apr 26 08:57:16 GMT 2016


You, as a community responsible for a key business system, cannot ignore
security issues in such a way. Mechanisms such as sessions, password
encryption etc. should be considered business-wise as well as
technical-wise. I recommend reading this
https://www.owasp.org/images/6/67/OWASPApplicationSecurityVerificationStandard3.0.pdf
It explains why Vtiger is only a toy in large companies; it isn't a
professional system that might be considered to be used. If you deploy
the mechanisms described in OWASP, you will solve all problems,
including those with user sessions.

---
Regards

BŁAŻEJ PABISZCZAK 
_Chief Executive Officer_ 
M: +48.884999123
E: b.pabiszczak at yetiforce.com 
-------------------------

YetiForce 3.0 LTS has arrived! Test [1] the latest, most innovative open
source system in the world, and join [2] our community. 

On 2016-04-25 07:55, Preexo wrote:

> Why not, you could even instead of deleting them all go through them with a
> custom workflow and only delete the ones which belong to each of the users?
> 
> VTE wrote 
> 
>> Not a perfect solution, but does the trick:
>> 
>> rm -f /var/lib/php5/sess_*
> 
 

Links:
------
[1] https://gitdeveloper.yetiforce.com/
[2] https://github.com/YetiForceCompany/YetiForceCRM
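
The per-user cleanup suggested in the quoted reply, as an added example that is not part of the original thread or of vtiger's code: instead of deleting every `sess_*` file, it removes only the files whose data records a given user id. It assumes file-based sessions written by PHP's default "php" serialize handler and a session key named `authenticated_user_id`; that key name and the function names are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Assumes file-based PHP sessions written by the default "php"
# serialize handler, and that the login stores the user id under SESSION_KEY
# (assumed name; confirm against what your installation writes).
SESSION_KEY="${SESSION_KEY:-authenticated_user_id}"

# Print the session files in directory $1 whose data belongs to user id $2.
find_user_sessions() {
    dir=$1
    uid=$2
    case $uid in
        ''|*[!0-9]*) echo "user id must be numeric" >&2; return 2 ;;
    esac
    # The id may be serialized as a string (key|s:1:"5";) or an int (key|i:5;).
    pattern="(^|[;}])${SESSION_KEY}[|](s:[0-9]+:\"${uid}\"|i:${uid});"
    for f in "$dir"/sess_*; do
        [ -f "$f" ] || continue
        if grep -Eq "$pattern" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Remove only that user's session files and print how many were removed.
revoke_user_sessions() {
    find_user_sessions "$1" "$2" | {
        count=0
        while IFS= read -r f; do
            rm -f -- "$f" && count=$((count + 1))
        done
        echo "$count"
    }
}

# Constructed sample data: four session files written into directory $1.
make_sample_sessions() {
    printf '%s' 'authenticated_user_id|s:1:"5";theme|s:4:"soft";' > "$1/sess_aaa"
    printf '%s' 'theme|s:4:"soft";authenticated_user_id|i:5;' > "$1/sess_bbb"
    printf '%s' 'authenticated_user_id|s:2:"15";' > "$1/sess_ccc"
    : > "$1/sess_ddd"   # session opened but never authenticated
}

# Usage: revoke_user_sessions /var/lib/php5 5
```

Run `find_user_sessions` first to review the matches before revoking; user 15 and the unauthenticated session are left untouched when revoking user 5.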