Difference between revisions of "Security information"

From Dolibarr ERP CRM Wiki
Line 4: Line 4:
 
No security bugs known at the moment.
 
No security bugs known at the moment.
  
= Fonctionnalités =
+
= Features =
Dolibarr intègre les mécanismes de sécurité suivant :
+
Dolibarr implements a several security features. Among them :
* Aucun traçage de mot de passe dans les lig techniques.
+
* No passwords in logs, even technical logs.
* Cryptage des mots de passe utilisateurs en base.
+
* Passwords can be crypted in database.
* Cryptage possible du mot de passe base dans le fichier de configuration.
+
* Password can be encoded in the Dolibarr configuration file (conf.php).
* Système de protection anti injection SQL.
+
* Anti SQL injection mechanism.
* Support ou non du mode safe_mode de PHP.
+
* Support or not ofr PHP safe_mode.
* Isolation des fichiers stockés dans une arborescence différente de l'appli web (donc non téléchargeable sans passer par le wrapper Dolibarr).
+
* Files saved by application are stored in a different root directory than web application (so they can not be downloaded without passing by the Dolibarr wrapper).
* Pages et contenus protégées par un système d'habilitations par groupe ou utilisateur pour chaque module fonctionnel (seule fonctionnalité de Dolibarr non débrayable).
+
* Pages and contents are protected by permissions by groups or by users for each functionnal module (this feature is the only module you can't disable in Dolibarr).
* Retardateur anti brute force cracking sur la page de login.
+
* Delay anti brute force cracking on login page.
* Code graphique optionnel anti robot sur la page de login.
+
* Graphical code against robots on login page.
* Système d'audit pour logguer de manière permanante les évenements Dolibarr, dont les logins en succès ou en échec.
+
* Logger to save permanently all Dolibarr events, like successful or failed logins.
* Possibilité de forcer le mode HTTPS.
+
* Possibility to force HTTPS.
* Possibilité d'insérer un controle antivirus sur tout fichier uploadé.
+
* Possibility to run an anti-virus on every uploaded file.
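Review bot: the English bullets added here drift from the French lines they replace in ways that change the security claim. "Passwords can be crypted in database" makes optional what the French line ("Cryptage des mots de passe utilisateurs en base") states outright, "Password can be encoded in the Dolibarr configuration file" drops that it is the database password ("mot de passe base"), and "Graphical code against robots" drops "optionnel". Suggest restoring those three points and saying "encrypted" rather than "crypted" or "encoded" if encryption is what is meant. The same pass can fix the typos in the added lines: "a several", "ofr", "functionnal", and "this feature is the only module", where the French says it is the only feature that cannot be disabled.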

Revision as of 15:06, 12 March 2009


Alerts

No security bugs known at the moment.

Features

Dolibarr implements several security features. Among them:

  • No passwords in logs, even technical logs.
  • Passwords can be encrypted in the database.
  • Password can be encoded in the Dolibarr configuration file (conf.php).
  • Anti-SQL-injection mechanism.
  • Works with or without PHP safe_mode.
  • Files saved by the application are stored in a different root directory from the web application (so they cannot be downloaded without going through the Dolibarr wrapper).
  • Pages and contents are protected by permissions per group or per user for each functional module (this is the only feature you can't disable in Dolibarr).
  • Delay against brute-force cracking on the login page.
  • Graphical code against robots on the login page.
  • Logger to permanently save all Dolibarr events, such as successful or failed logins.
  • Possibility to force HTTPS.
  • Possibility to run an anti-virus on every uploaded file.