SSL Enforcing and password hacking

Wish to see a specific feature/change in future releases? Feel free to post it here, and if it gets enough "likes", we'd definitely include it in future releases!
tymek2
Posts: 3
Joined: 2015-12-11 14:39

SSL Enforcing and password hacking

Post by tymek2 » 2016-02-03 18:51

There definitely should be an option to enforce a secure SSL connection with the app.

I've made a workaround in the after-login global hook:
    // Redirect to HTTPS when the request did not arrive over TLS.
    // $_SERVER['HTTPS'] is unset on plain HTTP (and some servers set it to "off"),
    // so test with empty() rather than comparing an undefined index to "on".
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
        exit();
    }
But this does not secure the logon screen.

On the other hand, is there any protection against someone trying to scan for the password?
(I mean using a bot that tries to log in time after time.)

a.gneady
Site Admin
Posts: 1281
Joined: 2012-09-27 14:46
Contact:

Re: SSL Enforcing and password hacking

Post by a.gneady » 2016-02-03 19:57

Try using this code at the top of "__global.php", directly after the opening tag <?php, rather than inside the login_ok hook.

Invalid logins cause the application to return a "403 Forbidden" header ... You can use a tool like CSF, for example, to block IPs after, say, 10 occurrences of 403 statuses within 10 minutes ... this would effectively block brute force attacks.
AppGini plugins to add more power to your apps:
  • DataTalk is an innovative AppGini plugin based on ChatGPT that allows you to interact with your AppGini database using natural language questions, without writing any SQL. Check the demo video
  • Mass Update plugin: Update multiple records at once and improve your workflow efficiency.
  • Check our other plugins and get a generous discount of up to 30% when buying 2 or more plugins.
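The "10 occurrences of 403 within 10 minutes" rule described above, written out as an added example (not code from the thread, CSF or AppGini): it scans Apache access-log lines with a sliding per-IP window and returns the IPs that crossed the threshold, which is the same decision a firewall rule would make. The log lines are constructed for the example and assume Apache's "combined" format; the threshold and window are parameters.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def find_brute_force_ips(lines, status=403, threshold=10, window_minutes=10):
    """Return {ip: time_of_threshold_hit} for every IP that produced at least
    `threshold` responses with `status` inside any sliding window of
    `window_minutes` (the same rule a CSF-style login-failure block applies)."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # ip -> timestamps of its recent 403s, oldest first
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, code = m.group(1), m.group(2), int(m.group(3))
        if code != status:
            continue  # only failed logins (403) count toward the threshold
        t = datetime.strptime(stamp, TIME_FMT)
        q = recent[ip]
        q.append(t)
        while q and t - q[0] > window:  # forget hits that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = t  # record the moment the rule first fired
    return flagged


def build_sample_log():
    """Constructed sample (hypothetical IPs): 198.51.100.7 fails 12 logins
    within five minutes; 203.0.113.5 fails three times spread over 40 minutes
    (a user mistyping), then succeeds. Only the first should be flagged."""
    base = datetime(2016, 2, 3, 18, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, code):
        return (f'{ip} - - [{t.strftime(TIME_FMT)}] "POST /index.php HTTP/1.1" '
                f'{code} 512 "-" "Mozilla/5.0"')

    lines = [line("198.51.100.7", base + timedelta(seconds=25 * i), 403) for i in range(12)]
    lines += [line("203.0.113.5", base + timedelta(minutes=20 * i), 403) for i in range(3)]
    lines.append(line("203.0.113.5", base + timedelta(minutes=41), 200))
    return lines
```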

jeevay
Posts: 1
Joined: 2016-04-23 21:17

Re: SSL Enforcing and password hacking

Post by jeevay » 2016-04-23 21:25

What about .htaccess?

# Redirect every plain-HTTP request to the same path over HTTPS.
RewriteEngine On
RewriteCond %{HTTPS} off
# In .htaccess the matched path has no leading slash, so add one here.
# (The original line had a stray "%" before "$1", which broke the target URL.)
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R,L]

a.gneady
Site Admin
Posts: 1281
Joined: 2012-09-27 14:46
Contact:

Re: SSL Enforcing and password hacking

Post by a.gneady » 2016-04-24 20:22

Indeed, that's a much more elegant solution, @jeevay. Thanks for sharing!
