Security - forgotten password.

10 years 9 months ago #230657 by 3cellhosting
Security - forgotten password. was created by 3cellhosting
Hi there,

We have a client who has had a security test carried out on their site and one of the defined medium risks was the fact that when a user requests 'Forgotten password' from site the supposedly temporary password is sent via unencrypted email, e.g. cleartext, and could be intercepted and used before the authorised user gets to login and update password. End result is a user locked out of their own account.

Will CB go down the road of sending a link to password change page in the way the Joomla 2.5 default does?

If not, is there any way to secure the email?

Regards

David

David
www.3cellhosting.com - where personality, creativity and integrity come as standard.


10 years 9 months ago #230682 by beat
Replied by beat on topic Security - forgotten password.
Hi David,

Always good to see security reviews and tests.

Glad to see that only this item concerns CB :-)

Yes, we are implementing a password reset mechanism similar to Joomla 2.5 in upcoming CB 2.0. We will discuss if we should backport this to CB 1.9.

As a general rule, if you have any security-related items, even minor, please use the "Contact" link at bottom of any page for private reporting instead of posting in forum.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
The following user(s) said Thank You: 3cellhosting

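To make concrete why the reset-link approach Beat mentions addresses the tester's finding, here is an added example (not Community Builder or Joomla code) that models both flows side by side: mailing a temporary password, which overwrites the stored password the moment the mail is generated, versus mailing a one-time, time-limited token that changes nothing until it is redeemed. The in-memory store, the one-hour lifetime and the SHA-256 demo hashing are assumptions for illustration; a real deployment would use a password-hashing function such as bcrypt or argon2 and persist the token digest in the database.

```python
"""Compare two 'forgotten password' flows (constructed example, not CB's code):
mailing a temporary password versus mailing a one-time, time-limited reset link."""
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime of a reset link


def hash_password(password: str) -> str:
    # Demo-only hashing so the example is self-contained; use bcrypt/argon2 in production.
    return hashlib.sha256(password.encode()).hexdigest()


class Account:
    def __init__(self, username: str, password: str):
        self.username = username
        self.password_hash = hash_password(password)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self.password_hash, hash_password(password))


class TempPasswordFlow:
    """Behaviour the tester flagged: the stored password is replaced immediately
    and the replacement travels in clear text, so an interceptor (or a lost mail)
    leaves the legitimate user locked out."""

    def forgot(self, account: Account) -> str:
        temp = secrets.token_urlsafe(8)
        account.password_hash = hash_password(temp)  # old password stops working now
        return temp  # this value is what goes out by e-mail


class ResetLinkFlow:
    """Joomla 2.5-style flow: a random token is mailed, only its digest is stored,
    and the password is untouched until the token is redeemed exactly once."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # username -> (sha256(token), expires_at)

    def forgot(self, account: Account) -> str:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[account.username] = (digest, self._now() + TOKEN_TTL_SECONDS)
        return token  # embedded in the link; the database never holds the raw token

    def reset(self, account: Account, token: str, new_password: str) -> bool:
        entry = self._pending.get(account.username)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._now() > expires_at:
            del self._pending[account.username]  # expired links are discarded
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, presented):
            return False  # wrong token; pending entry stays until it expires
        del self._pending[account.username]  # single use
        account.password_hash = hash_password(new_password)
        return True


def temp_password_locks_out_user() -> bool:
    """Returns whether the original password still works after the mail is generated."""
    acct = Account("alice", "correct horse")
    TempPasswordFlow().forgot(acct)
    return acct.check_password("correct horse")  # False: locked out even if the mail is lost


def reset_link_keeps_old_password_until_used() -> bool:
    acct = Account("alice", "correct horse")
    ResetLinkFlow().forgot(acct)
    return acct.check_password("correct horse")  # True: nothing changes until redeemed


def reset_link_is_single_use():
    acct = Account("alice", "correct horse")
    flow = ResetLinkFlow()
    token = flow.forgot(acct)
    first = flow.reset(acct, token, "new password")
    second = flow.reset(acct, token, "another password")
    return first, second, acct.check_password("new password")  # (True, False, True)


def reset_link_expires() -> bool:
    clock = [1000.0]  # injectable clock so expiry can be exercised without sleeping
    acct = Account("alice", "correct horse")
    flow = ResetLinkFlow(now=lambda: clock[0])
    token = flow.forgot(acct)
    clock[0] += TOKEN_TTL_SECONDS + 1
    return flow.reset(acct, token, "new password")  # False: link too old


def reset_link_rejects_wrong_token() -> bool:
    acct = Account("alice", "correct horse")
    flow = ResetLinkFlow()
    flow.forgot(acct)
    return flow.reset(acct, "not-the-token", "new password")  # False
```

The contrast with the thread: with the temporary-password flow the account is already changed when the mail leaves the server, so interception or a lost message means a lockout; with the link flow the existing password keeps working, an intercepted link can be used at most once and only within its lifetime, and a database read does not expose a usable token because only the digest is stored.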

10 years 9 months ago #230683 by 3cellhosting
Replied by 3cellhosting on topic Security - forgotten password.
Hi Beat,

To my mind it was not really a security issue as the email from Joomla could also be intercepted and actioned but that is a one time use. Still the same ultimate risk.

After 1 week of server penetration tests they only came up with 6 medium risks and 8 low risks and 4 information points - 2 of the medium risks can be cured by client having SSL certificate installed. To me that is a great reason for using Joomla and reliable 3rd party extensions such as CB and CB subs. :)

Point taken about real security issues and use of 'contact us' rather than a forum board. B)

David
www.3cellhosting.com - where personality, creativity and integrity come as standard.

