1 (edited by Tobi 2005-09-13 11:34)

Topic: Extra Security

I released the little hack I wrote here some time ago as a mod.
I think everybody who is concerned about security and wants to add abit of it at no cost should have that smile

What the mod does:

When you open an admin page the browser will ask you for an extra username/password just as if they were protected by a .htaccess file.
This username/password is stored in a text file on your server.
When somebody hacks your board he will not be able to do damage in the admin section unless he finds the extra. password.

You can download the mod from punres.org or here:

mod_extra_security-1_0.tgz

and, as usual, for the windows folks there is

mod_extra_security-1_0.zip


PS:
The mod is installed in 2 minutes, it is really easy

PPS:
Since you need an md5 encoded password you need an md5 encoder to make the password file.
I have one here in case you don't know how to do that.

The German PunBB Site:
PunBB-forum.de

Re: Extra Security

nice I like it

3 (edited by Directrix 2005-09-13 12:28)

Re: Extra Security

Very good for extra security, but just incase somebody request the textfile where the password is stored, the server has to prevent access to it.

In a .htaccess file:

<Files admin_pass.pwd>
order allow,deny
deny from all
</Files>

4

Re: Extra Security

That's right.
Actually, in my original post I recommended to move the password file out of the document root and adjust the admin_common.php accordingly.

The German PunBB Site:
PunBB-forum.de