Security information

From Dolibarr ERP CRM Wiki

Revision as of 14:30, 23 May 2009 by Eldy (talk | contribs) (→‎File:art.png Features)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Alerts

No security bugs known at the moment.

Features

Dolibarr implements several security features. Among them :

Passwords can be encrypted in database.
Password can be encoded in the Dolibarr configuration file (conf.php).
Possibility to force HTTPS.

Protection against SQL injection.
Protection against CSRF (Cross Site Request Forgery)
Works with and without PHP safe_mode enabled.
Files saved by application are stored in a different root directory than web application (so they can not be downloaded without passing by the Dolibarr wrapper).

Pages and contents are protected by permissions by groups or by users for each functional module (this feature is the only module you can't disable in Dolibarr).

Delay anti brute force cracking on login page.
Graphical code against robots on login page.
Logger to save permanently all Dolibarr events, like successful or failed logins.

Possibility to run an anti-virus on every uploaded file.

No passwords in logs, even in technical logs.

Retrieved from "https://wiki.dolibarr.org/index.php?title=Security_information&oldid=12053"