There definitely should be an option to enforce a secure SSL connection with the app.
I've made a workaround in the after-login global hook:
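// Redirect to HTTPS when the request did not arrive over SSL
// (HTTPS may be unset, empty or "off" on plain HTTP, depending on the server)
if(empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] == "off")
{
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}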
But this does not secure the logon screen.
On the other hand, is there any protection against attempts to scan passwords?
(I mean using a bot that logs in time after time)
SSL Enforcing and password hacking
Re: SSL Enforcing and password hacking
Try using this code at the top of "__global.php" directly after the opening tag <?php rather than inside the login_ok hook.
Invalid logins cause the application to return a "403 Forbidden" header ... You can use a tool like CSF for example to block IPs after, say, 10 occurrences of 403 statuses within 10 minutes ... this would effectively block brute force attacks.
AppGini plugins to add more power to your apps:
- DataTalk is an innovative AppGini plugin based on ChatGPT that allows you to interact with your AppGini database using natural language questions, without writing any SQL. Check the demo video
- Mass Update plugin: Update multiple records at once and improve your workflow efficiency.
- Check our other plugins and get a generous discount of up to 30% when buying 2 or more plugins.
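The 403-counting rule suggested in the reply above (10 occurrences within 10 minutes), sketched as an added example that is not part of the original thread and not CSF's own code. It assumes the Apache common/combined access-log format; the request path and IP addresses in the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache common/combined log prefix: ip ident user [time] "request" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_bruteforce_ips(lines, threshold=10, window=timedelta(minutes=10)):
    """Return {ip: time the threshold was reached} for IPs with at least
    `threshold` 403 responses inside a sliding window of length `window`.
    Assumes lines are in time order, as they are in an access log."""
    recent = defaultdict(deque)  # ip -> timestamps of 403s still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "403":
            continue  # unparsable line, or not a rejected login
        ip, ts = m.group(1), datetime.strptime(m.group(2), TIME_FMT)
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # forget hits older than the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged[ip] = ts  # this is the point at which to block the IP
    return flagged

def make_line(ip, ts, status):
    """Build one constructed access-log line (sample data, not a real log)."""
    return f'{ip} - - [{ts.strftime(TIME_FMT)}] "POST /app/index.php HTTP/1.1" {status} 512'

def sample_log():
    """Constructed traffic: a fast guesser, a slow guesser and a normal user."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = [make_line("203.0.113.5", start + timedelta(seconds=30 * i), 403) for i in range(12)]
    lines += [make_line("198.51.100.7", start + timedelta(minutes=2 * i), 403) for i in range(10)]
    lines += [make_line("192.0.2.9", start, 200)]
    return lines

if __name__ == "__main__":
    for ip, when in find_bruteforce_ips(sample_log()).items():
        print(f"block {ip}: 10 or more 403 responses within 10 minutes (reached at {when})")
```

The slow guesser at 198.51.100.7 also sends ten 403s but never ten inside one window, so a rule of this shape does not catch it; a longer window or a separate per-account lockout covers that case.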
Re: SSL Enforcing and password hacking
what about .htaccess ?
# Redirect every plain-HTTP request to the same path over HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
Re: SSL Enforcing and password hacking
Indeed, that's a much more elegant solution, @jeevay. Thanks for sharing!