Joomla Password Security

Recent discussions in the Joomla! security forum have made it clear that a particular weak point of the Joomla security system is the front-end password reset function. If your site includes any extension that is vulnerable to a relatively common security problem, SQL injection, then an attacker can potentially abuse the password reset function to change your administrator password. They can do this even if you do not display the login module in your front-end.

The problem is that vulnerability to SQL injection is a fairly common flaw in extensions, and is likely to remain so for the near future. It is the sort of mistake that even experienced programmers can occasionally let slip through.

So it is strongly advisable to take steps to guard your site against this. As a first step you should always check any extension against the list of vulnerable extensions before installing it. However that is never going to protect you completely, because obviously the list only includes those with known vulnerabilities.

Ideally you want to protect against unknown vulnerabilities as well. This is why we think it makes sense to be able to block the password reset function for administrative users, and it is why we have created our 'block password reset' system plugin. This is a non-commercial plugin (and will remain so), and is freely downloadable.

Unlike other approaches to this problem it does not require any hacks to the core Joomla! code. You just install it like any other plugin and select the users or groups for which you wish to block the password reset function through the plugin parameters. At the moment it is just designed to work with the Joomla! user component, but we plan to extend it to work with other registration systems as well, such as Community Builder, if there is a demand for it.

If you use this plugin you should be reasonably confident that you are not going to forget your admin password, because it will make it impossible to use the password reset function. However, if you do forget it and you have access to your site database, then you will still be able to reset your password directly through your database administration tool. There is documentation available on the Joomla! site about how to do this.
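To make the mechanism concrete, here is an added example of the approach described above. It is not the Spiral Scripts 'block password reset' plugin but a minimal Joomla 1.5 system plugin written for this article: it hooks the routing stage, recognises the three reset tasks of the core user component, looks up the group of the account being reset, and refuses the request for accounts in the blocked groups. The class name, the `blocked_gids` plugin parameter and the session key read in the third step are assumptions; the default group ids 23, 24 and 25 are Joomla 1.5's Manager, Administrator and Super Administrator groups.

```php
<?php
// Added example, not the Spiral Scripts plugin. Assumed location:
// plugins/system/blockreset.php, installed with a matching XML manifest
// that declares a 'blocked_gids' text parameter (assumption).
defined('_JEXEC') or die('Restricted access');

jimport('joomla.plugin.plugin');

class plgSystemBlockReset extends JPlugin
{
    // Joomla 1.5 default group ids for Manager, Administrator and Super Administrator.
    // Overridden by the 'blocked_gids' plugin parameter (comma-separated list).
    var $defaultGids = '23,24,25';

    // The three tasks that make up the com_user password reset flow in Joomla 1.5.
    var $resetTasks = array('requestreset', 'confirmreset', 'completereset');

    function onAfterRoute()
    {
        $app =& JFactory::getApplication();

        // Only guard the site (front-end) application; the back-end has its own login.
        if ($app->isAdmin()) {
            return;
        }

        $option = JRequest::getCmd('option');
        $task   = JRequest::getCmd('task');
        if ($option != 'com_user' || !in_array($task, $this->resetTasks)) {
            return;
        }

        $db  =& JFactory::getDBO();
        $gid = null;

        switch ($task) {
            case 'requestreset':
                // Step 1 posts the account e-mail address.
                $email = JRequest::getVar('email', '', 'post', 'string');
                if ($email == '') {
                    return;
                }
                $db->setQuery('SELECT gid FROM #__users WHERE email = ' . $db->Quote($email));
                $gid = $db->loadResult();
                break;

            case 'confirmreset':
                // Step 2 posts the username together with the e-mailed token.
                $username = JRequest::getVar('username', '', 'post', 'string');
                if ($username == '') {
                    return;
                }
                $db->setQuery('SELECT gid FROM #__users WHERE username = ' . $db->Quote($username));
                $gid = $db->loadResult();
                break;

            case 'completereset':
                // Step 3 relies on the user id that step 2 stored in the session
                // (session key assumed from the 1.5 reset model).
                $id = (int) $app->getUserState('com_user.reset.user');
                if ($id <= 0) {
                    return;
                }
                $db->setQuery('SELECT gid FROM #__users WHERE id = ' . $id);
                $gid = $db->loadResult();
                break;
        }

        // Unknown account: let the component produce its normal response so that
        // this plugin does not reveal which e-mail addresses or usernames exist.
        if ($gid === null) {
            return;
        }

        // Refuse the request outright for accounts in a blocked group.
        if (in_array((int) $gid, $this->blockedGids())) {
            JError::raiseError(403, JText::_('Password reset is not available for this account.'));
        }
    }

    // Parse the configured group list into integers, falling back to the defaults.
    function blockedGids()
    {
        $list = $this->params->get('blocked_gids', $this->defaultGids);
        return array_map('intval', explode(',', $list));
    }
}
```

Two points worth noting about the design. The check is placed in `onAfterRoute` so that it runs before the user component is dispatched, which is what lets it work without any change to core code. And the plugin only narrows the reset path: an extension with a SQL injection flaw still needs to be fixed or removed, since the same flaw can be used for other purposes.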

Written on Monday, 21 December 2009 12:17 by Spiral Scripts
