Joomla Password Security

Recent discussions in the Joomla! security forum have made it clear that a particular weak point of the Joomla security system is the front-end password reset function. If your site includes any extension that is vulnerable to a relatively common security problem, SQL injection, then an attacker can potentially abuse the password reset function to change your administrator password. They can do this even if you do not display the login module in your front-end.

The problem is that vulnerability to SQL injection is a fairly common problem, and is likely to remain so for the near future. It is the sort of mistake that even experienced programmers can occasionally let slip through.

So it is strongly advisable to take steps to guard your site against this. As a first step you should always check any extension against the list of vulnerable extensions before installing it. However, that is never going to protect you completely, because the list obviously only includes extensions with known vulnerabilities.

Ideally you want to protect against unknown vulnerabilities as well. This is why we think it makes sense to be able to block the password reset function for administrative users, and it is why we have created our 'block password reset' system plugin. This is a non-commercial plugin (and will remain so), and is freely downloadable.

Unlike other approaches to this problem it does not require any hacks to the core Joomla! code. You just install it like any other plugin and select the users or groups for which you wish to block the password reset function through the plugin parameters. At the moment it is just designed to work with the Joomla! user component, but we plan to extend it to work with other registration systems as well, such as Community Builder, if there is a demand for it.

If you use this plugin you should be reasonably confident that you are not going to forget your admin password, because it will make it impossible to use the password reset function. However, if you do forget it and you have access to your site database, you will still be able to reset your password directly through your database admin tool. There is documentation available on the Joomla! site about how to do this.
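To show what such a system plugin looks like, here is an added example written against the Joomla 1.5 API; it is not the Spiral Scripts plugin. The class name `plgSystemBlockReset`, the `blocked_gids` plugin parameter and the `com_user.reset.id` user-state key are assumptions; it gates both the first reset step (by e-mail) and the final one (by the account already confirmed in the session), so it also stops an attacker who skipped the request step.

```php
<?php
// Illustrative Joomla 1.5 system plugin (example code, not the Spiral Scripts plugin):
// refuses the front-end password reset for accounts in protected groups.
defined('_JEXEC') or die('Restricted access');
jimport('joomla.plugin.plugin');

class plgSystemBlockReset extends JPlugin
{
    // Runs after routing, before the com_user controller executes the task,
    // so a blocked request never reaches the reset model.
    function onAfterRoute()
    {
        if (JRequest::getCmd('option') != 'com_user') return;
        $task   = JRequest::getCmd('task');
        $userId = 0;
        if ($task == 'requestreset') {
            // First step: the form posts the account's e-mail address.
            $userId = $this->lookupUserByEmail(JRequest::getVar('email', '', 'post', 'string'));
        } elseif ($task == 'completereset') {
            // Final step: com_user has stored the id of the account whose token was
            // confirmed (assumed user-state key); this catches a skipped request step.
            $app    = &JFactory::getApplication();
            $userId = (int) $app->getUserState('com_user.reset.id');
        }
        if ($userId && $this->isProtected($userId)) {
            $app = &JFactory::getApplication();
            $app->redirect('index.php', JText::_('Password reset is disabled for this account.'), 'error');
        }
    }

    // Returns the id of the user with this e-mail address, or 0 if there is none.
    function lookupUserByEmail($email)
    {
        if ($email === '') return 0;
        $db = &JFactory::getDBO();
        $db->setQuery('SELECT id FROM #__users WHERE email = '.$db->Quote($email));
        return (int) $db->loadResult();
    }

    // True when the account's group id is listed in the plugin's "blocked_gids"
    // parameter (assumed name; defaults are Joomla 1.5's Administrator 24 and
    // Super Administrator 25 groups).
    function isProtected($userId)
    {
        $db = &JFactory::getDBO();
        $db->setQuery('SELECT gid FROM #__users WHERE id = '.(int) $userId);
        $blocked = array_map('intval', explode(',', $this->params->get('blocked_gids', '24,25')));
        return in_array((int) $db->loadResult(), $blocked);
    }
}
```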

Written on Monday, 21 December 2009 12:17 by Spiral Scripts
