
Technical Support Forums


interested in SA2 some advice needed

Thread began 11/11/2011 3:33 pm by mr hankey | Last modified 11/24/2011 12:09 pm by mr hankey | 1427 views | 4 replies |

mr hankey

interested in SA2 some advice needed

hi,

not been on here for a while and looking at buying some extensions again, one of which is the SA2.

i have been reading around and i need to know which is the best password encryption to use? is Crypt the best? i.e. can it not be reversed?

i used sha1 one with sa1 and currently have sites running using md5.

question is does it matter which one as people cannot reverse it unless they have access to the raw mysql database on server is that right? or should i use crypt with sa2?

also what measures should i take to stop people gaining access to the server, do you guys have any help guides on how to keep things secure with your backend database?

and finally does sa2 have an automatic detection of brute force and failed login attempts triggers the user to be inactive for a set period?

i liked this feature with addt and wondered if sa2 had this?

thanks for the help


Jason Byrnes, WebAssist

SHA1 and Crypt are both one-way encryption methods, meaning they cannot be decrypted; both are good choices for encrypting passwords.

md5 is a two-way encryption method, meaning it can be both encrypted and decrypted.

Stopping people from gaining access to the server falls under server configuration: setting up strong usernames and passwords for MySQL access and for FTP access. We do not have tutorials for configuring the server; this should be handled by your host.

No, Security Assist does not have any built-in protection from brute force login attempts.


mr hankey

thanks jason, so is there no way for it to recognize failed login attempts?

thanks


anonymous

hankey,

You could quickly write your own script for that because when you set up security assist, you get to set the login failed page.

So let's say your login page is "login.php".

And then in the SecurityAssist dialog for failed login, you specify the redirect as "login.php". You could add a URL variable to the redirect such as "login.php?fail=1".

Now back on your login page, you would add code like this:


First, be sure you have a session start at the top of the page.

php:
<?php session_start(); ?>

Then below that somewhere, you will need to create a session variable and then increment that variable on each failed attempt. Then you can test that variable for failed attempts and create an action.

php:
<?php
// Check whether the session variable for failed attempts has been set and, if not, set it.
if (!isset($_SESSION['failedAttempts'])) {
    $_SESSION['failedAttempts'] = 0;
}

// Check for the URL variable passed after a failed login ("login.php?fail=1")
// and increment the counter in the session so the count persists across requests.
if (isset($_GET['fail']) && $_GET['fail'] == 1) {
    $_SESSION['failedAttempts']++;
}

// Store the session variable in a variable name that is easier to work with.
$failedAttempts = $_SESSION['failedAttempts'];

// If the failed attempts are higher than 5, redirect the user to another page,
// which keeps them from accessing the login page.
if ($failedAttempts > 5) {
    header("Location: nologin.php");
    exit();
}
?>

You could get even fancier and add a session time out, but the default of 30 minutes should be good so I would probably just leave it alone.

Of course, you will want all of this code before the WebAssist login code.

Best regards,

Brian

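The counter in the post above lives in the visitor's session, so it starts again at zero whenever the client presents a new session. The following is an added example, not code from the thread or from WebAssist, that keeps the count on the server per username; the table and function names are hypothetical, and in-memory SQLite stands in for the site's MySQL database.

```php
<?php
// Added example (not from the thread): failed-login counter kept server-side.
// Table/function names are hypothetical; in-memory SQLite stands in for MySQL.
const MAX_FAILS = 5;        // threshold used in the post above
const LOCK_SECONDS = 1800;  // assumed 30-minute lockout window

function throttle_init(PDO $db): void {
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS login_failures (
        username VARCHAR(190) PRIMARY KEY, fails INT NOT NULL, last_fail INT NOT NULL)');
}

function clear_failures(PDO $db, string $user): void {
    $db->prepare('DELETE FROM login_failures WHERE username = ?')->execute([$user]);
}

function record_failure(PDO $db, string $user, int $now): void {
    $st = $db->prepare('UPDATE login_failures SET fails = fails + 1, last_fail = ? WHERE username = ?');
    $st->execute([$now, $user]);
    if ($st->rowCount() === 0) {  // first failure recorded for this account
        $db->prepare('INSERT INTO login_failures (username, fails, last_fail) VALUES (?, 1, ?)')
           ->execute([$user, $now]);
    }
}

function is_locked(PDO $db, string $user, int $now): bool {
    $st = $db->prepare('SELECT fails, last_fail FROM login_failures WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    if ($now - (int)$row['last_fail'] >= LOCK_SECONDS) {  // window expired: start over
        clear_failures($db, $user);
        return false;
    }
    return (int)$row['fails'] > MAX_FAILS;
}

// Constructed demo: six bad logins for one account, then three checks.
$db = new PDO('sqlite::memory:');
throttle_init($db);
for ($t = 1000; $t < 1006; $t++) {
    record_failure($db, 'alice', $t);
}
var_dump(is_locked($db, 'alice', 1006));                 // right after six failures
var_dump(is_locked($db, 'alice', 1005 + LOCK_SECONDS));  // once the window has passed
var_dump(is_locked($db, 'bob', 1006));                   // account with no failures
```

On a real login page, `is_locked()` would run before the login code, `record_failure()` on the failed-login redirect, and `clear_failures()` after a successful login. Keying on the username alone lets anyone lock out a known account, so some sites key on username plus client address instead.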

mr hankey

thanks for the help i like the code will definitely look into this.

cheers
