I know that feature requests for 3.2 are frozen.. but i have a enhancement idea that i think is crucial for phpbb, and i think the phpbb staff and dev team will agree.
I haven't had time to draw up a complete blue print yet, but i have enough information to share with the community, so we can come together and contribute constructive ideas.
Idea: a second/third/fourth layer of security "checks and balances" for admin/mod accounts by using security questions.
as of now.. if a admin/mod's account is compromised, there is no second layer of security.
sense phpbb3 already logs IP's, we could use this to better protect admin/mod accounts by
1. remembering admin's/mods previous ip address's
2. when a admin/mod attempts to login, and the system/site notices its from a different ip address.. it will ask one of the various security questions " i would say there should be 3-5 questions"
3. If the questions are not answered correctly.. it could go a couple of ways.. the account could be frozen for X amount of time.. the account could be locked till another admin approves it or .. changes the security questions of they are lost/forgotten.
when the account is validated with the correct security question from a new ip.. then all is good and it remembers that ip address for future use. When the admin/mod returns and logs in from the same ip address.. it will not ask the security question.
With that said, I believe this is a enhancement that is greatly needed for the admin/mods, and a feature that will continue to make phpbb the best forum software out.
All ideas, questions, comments and constructive criticism is welcome.
Thanks for your time
BobBob
New Feature Must Have, Security For Admin and MODS
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
- stickerboy
- Registered User
- Posts: 94
- Joined: Fri Jun 04, 2004 3:05 pm
- Location: Scotland
- Contact:
Re: New Feature Must Have, Security For Admin and MODS
It would probably be best posting this in phpBB discussion on phpbb.com.
I'd also have a read through this topic
http://www.phpbb.com/community/viewtopi ... &t=1514045
I'd also have a read through this topic
http://www.phpbb.com/community/viewtopi ... &t=1514045
I'm a web-designing code-decrypting tech-support musician
|| Twitter || Flickr || phpBB Snippets ||
Formerly known as cherokee red
|| Twitter || Flickr || phpBB Snippets ||
Formerly known as cherokee red
Re: New Feature Must Have, Security For Admin and MODS
i could possibly copy the post over for discussion.. but i don't use 3rd party mods for security reasons... and even if someone created a mod.. as that thread states mods are almost never incorporated into core.. so
i cant believe no one has at least commented or given some thoughts and ideas
i cant believe no one has at least commented or given some thoughts and ideas