<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>Since the CRM is used to store a lot of personal data, I was wondering how secure vTiger is and if there are any extra options we could discuss.</div>
<div><br>
</div>
<div>Let me start with a few points:</div>
<div>1. At the login I don’t see something as simple as brute force protection.</div>
<div>2. The standard admin user cannot be changed; it needs another account and then needs to be deleted. Using standard admin usernames is bad practice.</div>
<div>3. Having the vTiger name and even the version number at the login screen makes it very easy for hackers.</div>
<div>4. It would be nice to have a black/whitelist to restrict access by IP. (Yes, I know htaccess could be used, but I’m talking about average users.)</div>
<div>5. Use the <a href="http://www.projecthoneypot.org/" style="font-size: medium; font-family: Arial;">http://www.projecthoneypot.org/</a> project to ban access at the gate for spammers. (Works so very well in Joomla, I don’t need to use captchas anymore.)</div>
<div>6. Big warning in the installer to use https:// to encrypt the login screen pw.</div>
<div>7. Minimum password length/complexity</div>
<div><br>
</div>
<div>Just some thoughts.</div>
<div><br>
</div>
<div>Bastiaan Houtkooper</div>
<div>Zebra Hosting</div>
<div><br>
</div>
</body>
</html>