New Feature Must Have, Security For Admin and MODS

Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here.
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Post Reply
bobbob
Registered User
Posts: 5
Joined: Mon Mar 30, 2009 10:13 pm

New Feature Must Have, Security For Admin and MODS

Post by bobbob »

:idea: I know that feature requests for 3.2 are frozen.. but i have a enhancement idea that i think is crucial for phpbb, and i think the phpbb staff and dev team will agree.

I haven't had time to draw up a complete blue print yet, but i have enough information to share with the community, so we can come together and contribute constructive ideas.

Idea: a second/third/fourth layer of security "checks and balances" for admin/mod accounts by using security questions.

as of now.. if a admin/mod's account is compromised, there is no second layer of security.

sense phpbb3 already logs IP's, we could use this to better protect admin/mod accounts by

1. remembering admin's/mods previous ip address's
2. when a admin/mod attempts to login, and the system/site notices its from a different ip address.. it will ask one of the various security questions " i would say there should be 3-5 questions"
3. If the questions are not answered correctly.. it could go a couple of ways.. the account could be frozen for X amount of time.. the account could be locked till another admin approves it or .. changes the security questions of they are lost/forgotten.

when the account is validated with the correct security question from a new ip.. then all is good and it remembers that ip address for future use. When the admin/mod returns and logs in from the same ip address.. it will not ask the security question.


With that said, I believe this is a enhancement that is greatly needed for the admin/mods, and a feature that will continue to make phpbb the best forum software out.

:arrow: :arrow: All ideas, questions, comments and constructive criticism is welcome.
Thanks for your time
BobBob :geek:
User avatar
stickerboy
Registered User
Posts: 94
Joined: Fri Jun 04, 2004 3:05 pm
Location: Airdrie, UK
Contact:

Re: New Feature Must Have, Security For Admin and MODS

Post by stickerboy »

It would probably be best posting this in phpBB discussion on phpbb.com.
I'd also have a read through this topic :)
http://www.phpbb.com/community/viewtopi ... &t=1514045
I'm a web-designing prototyping tech-support musician
|| Twitter || Flickr || BandCamp ||
Please don't contact me via pm/email unless I ask you to/say it's ok
bobbob
Registered User
Posts: 5
Joined: Mon Mar 30, 2009 10:13 pm

Re: New Feature Must Have, Security For Admin and MODS

Post by bobbob »

i could possibly copy the post over for discussion.. but i don't use 3rd party mods for security reasons... and even if someone created a mod.. as that thread states mods are almost never incorporated into core.. so

i cant believe no one has at least commented or given some thoughts and ideas
Post Reply