Line 6: |
Line 6: |
| * Passwords can be encrypted in database. | | * Passwords can be encrypted in database. |
| * Password can be encoded in the Dolibarr configuration file (conf.php). | | * Password can be encoded in the Dolibarr configuration file (conf.php). |
| + | * Possibility to force HTTPS. |
| + | |
| * Protection against SQL injection. | | * Protection against SQL injection. |
| * Protection against CSRF (Cross Site Request Forgery) | | * Protection against CSRF (Cross Site Request Forgery) |
| * Works with and without PHP safe_mode enabled. | | * Works with and without PHP safe_mode enabled. |
| * Files saved by application are stored in a different root directory than web application (so they can not be downloaded without passing by the Dolibarr wrapper). | | * Files saved by application are stored in a different root directory than web application (so they can not be downloaded without passing by the Dolibarr wrapper). |
| + | |
| * Pages and contents are protected by permissions by groups or by users for each functional module (this feature is the only module you can't disable in Dolibarr). | | * Pages and contents are protected by permissions by groups or by users for each functional module (this feature is the only module you can't disable in Dolibarr). |
| + | |
| * Delay anti brute force cracking on login page. | | * Delay anti brute force cracking on login page. |
| * Graphical code against robots on login page. | | * Graphical code against robots on login page. |
| * Logger to save permanently all Dolibarr events, like successful or failed logins. | | * Logger to save permanently all Dolibarr events, like successful or failed logins. |
− | * Possibility to force HTTPS.
| + | |
| * Possibility to run an anti-virus on every uploaded file. | | * Possibility to run an anti-virus on every uploaded file. |
| + | |
| * No passwords in logs, even in technical logs. | | * No passwords in logs, even in technical logs. |