
Joomla Password Security

Recent discussions in the Joomla! security forum have made it clear that a particular weak point of the Joomla security system is the front-end password reset function. If your site includes any extension that is vulnerable to SQL injection, a relatively common security problem, then an attacker can potentially abuse the password reset function to change your administrator password. They can do this even if you do not display the login module in your front-end.

Vulnerability to SQL injection is fairly common, and is likely to remain so for the near future. It is the sort of mistake that even experienced programmers can occasionally let slip through.

So it is strongly advisable to take steps to guard your site against this. As a first step you should always check any extension against the list of vulnerable extensions before installing it. However, that is never going to protect you completely, because the list only includes extensions with known vulnerabilities.

Ideally you want to protect against unknown vulnerabilities as well. This is why we think it makes sense to be able to block the password reset function for administrative users, and it is why we have created our 'block password reset' system plugin. This is a non-commercial plugin (and will remain so), and is freely downloadable.

Unlike other approaches to this problem, it does not require any hacks to the core Joomla! code. You just install it like any other plugin and, through the plugin parameters, select the users or groups for which you wish to block the password reset function. At the moment it is designed to work only with the Joomla! user component, but we plan to extend it to work with other registration systems as well, such as Community Builder, if there is a demand for it.

If you use this plugin you should be reasonably confident that you are not going to forget your admin password, because it will make it impossible to use the password reset function. However, if you do forget and you have access to your site database, you will still be able to reset your password directly through your database admin. There is documentation available on the Joomla! site about how to do this.
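Because the reset function can be reached even when no login module is displayed, it is worth watching the access log for requests to it. The following is an added example, not part of the original article or the plugin's code; it assumes Joomla 1.5 non-SEF URLs (`option=com_user` with `task=requestreset`, `confirmreset` or `completereset`, or `view=reset`) and combined-format log lines, and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: Joomla 1.5 non-SEF URLs, where the front-end reset steps are
# com_user tasks. Adjust these names for other versions or SEF routing.
RESET_TASKS = {"requestreset", "confirmreset", "completereset"}

# Apache/nginx "combined" access-log line: ip, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def reset_step(target):
    """Return the reset step a request target touches, or None."""
    # PHP keeps the last value of a repeated parameter, so do the same here.
    query = {k: v[-1].lower() for k, v in parse_qs(urlsplit(target).query).items()}
    if query.get("option") != "com_user":
        return None
    if query.get("task") in RESET_TASKS:
        return query["task"]
    return "view_reset_form" if query.get("view") == "reset" else None

def find_reset_activity(lines):
    """Return a list of (ip, timestamp, method, step, status) for reset requests."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        step = reset_step(m["target"])
        if step:
            hits.append((m["ip"], m["ts"], m["method"], step, int(m["status"])))
    return hits

def hits_per_client(hits):
    # Number of reset-related requests seen from each client address.
    return Counter(ip for ip, *_ in hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Dec/2009:11:02:10 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [21/Dec/2009:11:05:41 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 4312',
    '198.51.100.23 - - [21/Dec/2009:11:05:49 +0000] "POST /index.php?option=com_user&task=requestreset HTTP/1.1" 303 0',
    '198.51.100.23 - - [21/Dec/2009:11:06:30 +0000] "POST /index.php?option=com_user&task=confirmreset HTTP/1.1" 303 0',
    '203.0.113.7 - - [21/Dec/2009:11:07:02 +0000] "GET /index.php?option=com_user&view=login HTTP/1.1" 200 3900',
]
```

On a site whose only accounts are administrators with reset blocked, any hit returned by `find_reset_activity` deserves a closer look.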

 

 


Spiral Scripts
Written on Monday, 21 December 2009 12:17 by Spiral Scripts
