|
|
 Burge Lab - 2017-01-03 04:41:21 - In reply to message 50 from Burge LabHi Joseph,
Now, other things you should do to secure your app:
1) In line 30, file "application/helpers/constants_helper.php" , you see:
define("ADMIN_URL_FOLDER","admin");
you should change it to
define("ADMIN_URL_FOLDER","JosephSecureAdmin2017");
which "JosephSecureAdmin2017" can be each mixture such as "34tgfas43tgsd" or "dasf4tgdsg5tgrtbrth45" or every thing else,
and after that, your admin environment of your application, which had the address of "subdomain.domain/admin" will be chaged to "subdomain.domain/JosephSecureAdmin2017" or every other expression you have used in line 30 to define "ADMIN_URL_FOLDER" and you can login to it by "subdomain.domain/JosephSecureAdmin2017/login"
By doing so, you can be sure that the admin environment cant be reached by any people.
You can change it periodically.
2) There are some other constants that you should change them. Since they are the same in each installation of BurgeCMF, thus you need to change them, so it's unavailable for your visitors to find out web framework you use. Some of them is not sent to visitor but its better to be changed to randomize.
In constants_helper:
- COOKIE_PREFIX
- SESSION_VARS_PREFIX
- VISITOR_TRACKING_COOKIE_NAME
- TRACKING_ENCRYPTION_KEY
- TRACKING_IV
In "config/config.php":
- $config['encryption_key']
- second part of definition of $config['sess_cookie_name']
- $config['csrf_token_name']
- $config['csrf_cookie_name']
** Note that you have to replace them with a random expression with the same length.
3) There are some other changes that allow you to personalize your application:
- lines 3,and 4 of "application/language/en/ae_general_lang.php"
- lines 5-9 of "application/language/en/ce_general_lang.php"
Joseph Schembri - 2017-01-03 06:29:50 - In reply to message 51 from Burge LabHi
I was having trouble with my email and finally got it going again.
Just a few questions to help get going again.:
You stated Access levels set the access of each user to modules, how do you set an access level?
I see users have a code, badmin (Code 10)
What is this Code and how do I assign. Can I just pick anything?
I sometimes have hard time reading captcha. How can I reduce the noise level (lines) to make it clearer. Sometimes cannot tell the difference between number 1 and capital I.
It looks like only capitals are used which helps.
Could I modify the sequence that is used to generate captcha.
After this, I will start with the other suggestions you have made.
Thanks
Burge Lab - 2017-01-03 06:41:28 - In reply to message 52 from Joseph Schembri1) You need just to visit "Access Levels" page to set access level of each user/user-group
2) User code is just a simple field. In many organizations, each employee has a code, so that it is easier to find him/her, and customers know people they are talking with their code.
3) You can change captcha algorith, in "init_helpers" in function get_captcha(). It's easy and you can change it.
Please send me email (koohi@burge.ir). That's easier to respond.
|
