Changes


Security information

337 bytes added, 10 years ago
= [[File:art.png]] Features =
Dolibarr implements several security features. Among them:
'''Encryption'''
* User passwords can be encrypted in the database.
* The database technical password can be encoded in the [[Configuration_file|Dolibarr configuration file]] (conf.php).
* Possibility to force HTTPS.
'''Hacks and cracks'''
* Works with register_globals on or off (on highly recommended).
* Works with and without PHP safe_mode enabled (on recommended).
* Protection against SQL injection.
* Protection against CSRF (Cross Site Request Forgery).
'''Pages and files access'''
* Pages and contents are protected by permissions (granted on groups or by users) for each functional module.
* Files saved by Dolibarr are stored in a different root directory than the web application (so they can not be downloaded without passing by the Dolibarr wrapper).
* Dolibarr directories content can't be accessed even if the Apache option Indexes has been left on by mistake (it should not be on).
'''Login protection'''
* Delay anti brute force cracking on login page.
* Graphical code (CAPTCHA) against robots on login page.
* No passwords in logs, even in technical logs.
* Internal logger to save permanently all Dolibarr events about user's administration and successful or failed logins.
'''Viruses'''
* Possibility to run an anti-virus on every uploaded file.
 
