Pre-Install Questions
- whitepj
- OFFLINE
-
New Member
- Posts: 1
- Thanks: 0
- Karma: 0
4 years 1 month ago #317065
by whitepj
Pre-Install Questions was created by whitepj
Hi There,
I'm doing preliminary work to set up a small community project with user registration and simple restricted content. So, at first glance CB looks perfect. I've briefly played with the demo, and am going through the downloaded PDF manual...
Page 19: "The CB Login module replaces the Joomla Login module..."
Sorry -- this make me nervous. Aren't we potentially changing the underlying security process here? The first thing that I did when setting up me test-bed site was to enable 2FA via the Yubikey -- and I can't see how the CD login willow all me to log in with my current setup. Eventually, it is my plan to migrate to FIDO2, since this has also been done elsewhere (and was my main reason for choosing Joomla). I have a general approach of avoiding extra unnecessary code wherever possible.
So, not knowing anything at all about extensions, modules, plugins, etc., how easy is it going to be to disable (or even remove) the CB login code?
Also, if I do depart from the manual, what functionality am I going to lose, and is this likely to be critical?
Thanks
I'm doing preliminary work to set up a small community project with user registration and simple restricted content. So, at first glance CB looks perfect. I've briefly played with the demo, and am going through the downloaded PDF manual...
Page 19: "The CB Login module replaces the Joomla Login module..."
Sorry -- this make me nervous. Aren't we potentially changing the underlying security process here? The first thing that I did when setting up me test-bed site was to enable 2FA via the Yubikey -- and I can't see how the CD login willow all me to log in with my current setup. Eventually, it is my plan to migrate to FIDO2, since this has also been done elsewhere (and was my main reason for choosing Joomla). I have a general approach of avoiding extra unnecessary code wherever possible.
So, not knowing anything at all about extensions, modules, plugins, etc., how easy is it going to be to disable (or even remove) the CB login code?
Also, if I do depart from the manual, what functionality am I going to lose, and is this likely to be critical?
Thanks
Please Log in to join the conversation.
krileon
Team Member- OFFLINE
- Posts: 68518
- Thanks: 9088
- Karma: 1434
4 years 1 month ago #317075
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Pre-Install Questions
Nope, the login process still goes through Joomla API followed by our API. It's an extension onto Joomlas.Sorry -- this make me nervous. Aren't we potentially changing the underlying security process here?
CB supports 2FA authentication plugins. When "Two Factor Authentication - YubiKey" is published in Extensions > Plugins you should see the Secret Key parameter in your CB Login Module. The parameters for the user to configure 2FA are in their profile edit as part of the "params" field output.The first thing that I did when setting up me test-bed site was to enable 2FA via the Yubikey -- and I can't see how the CD login willow all me to log in with my current setup.
There's no reason not to use it. It works fine with Joomla authentication plugins as is. There is no official support for disabling it. CBs login process handles email confirmation validation, user approval validation, and anything that acts on CBs login triggers.So, not knowing anything at all about extensions, modules, plugins, etc., how easy is it going to be to disable (or even remove) the CB login code?
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: whitepj
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.145 seconds
-
You are here:
- Home
- Forums
- Community Discussions
- Community Builder
- Pre-Install Questions