27,414
edits
Changes
Jump to navigation
Jump to search
mLine 7:
Line 7: − + − + + + + + + − + − * Works with and without PHP safe_mode enabled. − * Files saved by application are stored in a different root directory than web application (so they can not be downloaded without passing by the Dolibarr wrapper). − + + + + + − + − + + + − − * No passwords in logs, even in technical logs.
→File:art.png Features
= [[File:art.png]] Features =
= [[File:art.png]] Features =
Dolibarr implements several security features. Among them :
Dolibarr implements several security features. Among them :
* Passwords can be encrypted in database.
* Password can be encoded in the Dolibarr configuration file (conf.php).
'''Encryption'''
* User passwords can be encrypted in database.
* Database technical password can be encoded in the [[Configuration_file|Dolibarr configuration file]] (conf.php).
* Possibility to force HTTPS.
* Possibility to force HTTPS.
'''Hacks and cracks'''
* Works with register_globals on or off (on highly recommended).
* Works with and without PHP safe_mode enabled (on recommended).
* Protection against SQL injection.
* Protection against SQL injection.
* Protection against CSRF (Cross Site Request Forgery)
* Protection against CSRF (Cross Site Request Forgery).
* Pages and contents are protected by permissions by groups or by users for each functional module (this feature is the only module you can't disable in Dolibarr).
'''Pages and files access'''
* Pages and contents are protected by permissions (granted on groups or users) for each functional module.
* Files saved by Dolibarr are stored in a different root directory than web application (so they can not be downloaded without passing by the Dolibarr wrapper).
* Dolibarr directories content can't be accessed even if Apache option Indexes has be forgotten to on (should not).
'''Login protection'''
* Delay anti brute force cracking on login page.
* Delay anti brute force cracking on login page.
* Graphical code against robots on login page.
* Graphical code (CAPTCHA) against robots on login page.
* Logger to save permanently all Dolibarr events, like successful or failed logins.
* No passwords in logs, even in technical logs.
* Internal logger to save permanently all Dolibarr events about user's administration and successful or failed logins.
'''Viruses'''
* Possibility to run an anti-virus on every uploaded file.
* Possibility to run an anti-virus on every uploaded file.