Hi all,
Thanks again for a fabulous product which already is helping protect my forums!
Could I suggest the following items.
1) Would it be possible to watch or monitor plugin alterations, so that an email can be dispatched when a plugin is altered from a userid except the unalterable user in the config.php.
if they can inject a plugin it will just run and run and run and getting in to tamper with plugins and insert eval codes etc.
1a) Could you also add a scan the plugins for EVAL codes button that will allow the unalterable admin to scan plugins, and other known methods of injections or just plain bad plugin design?
maybe a little alert to say that this plugin uses questionable calls etc... please check it for safety
2) if a new admin is created it will notify the webmaster
3) if a new Moderator is created it will notify the webmaster
4) Also instead/as well of admincp passwords per user we could enforce a admincp wide global password-or have both. as once they are saved you do not have to tend to worry about them it would just add an extra layer of security for an INJECTED ADMIN - as he/she won't know the global password!
5) They generally want things like email lists, backups, put silly pictures of their achievement on your main page... could we protect these areas further with things like only access to email lists, backups, etc to unalterable users, or select userids.
Thank you very much for your time!
Mick
Thanks again for a fabulous product which already is helping protect my forums!
Could I suggest the following items.
1) Would it be possible to watch or monitor plugin alterations, so that an email can be dispatched when a plugin is altered from a userid except the unalterable user in the config.php.
if they can inject a plugin it will just run and run and run and getting in to tamper with plugins and insert eval codes etc.
1a) Could you also add a scan the plugins for EVAL codes button that will allow the unalterable admin to scan plugins, and other known methods of injections or just plain bad plugin design?
maybe a little alert to say that this plugin uses questionable calls etc... please check it for safety
2) if a new admin is created it will notify the webmaster
3) if a new Moderator is created it will notify the webmaster
4) Also instead/as well of admincp passwords per user we could enforce a admincp wide global password-or have both. as once they are saved you do not have to tend to worry about them it would just add an extra layer of security for an INJECTED ADMIN - as he/she won't know the global password!
5) They generally want things like email lists, backups, put silly pictures of their achievement on your main page... could we protect these areas further with things like only access to email lists, backups, etc to unalterable users, or select userids.
Thank you very much for your time!
Mick
Last edited:
Upvote
0