configuring the plugin (in Administration)
25 Aug 2017 09:38 #1
by Rüdiger Schultz
Ruediger Schultz
Schultz IT Solutions
Please support jDBexport on JOOMLA Extension directory (JED) at
extensions.joomla.org/extensions/extensi...ta-reports/jdbexport
configuring the plugin (in Administration) was created by Rüdiger Schultz
There is a number of configuration options in the "system" plugin, which are explained here:
Allow pwned passwords?
This is probably the most important setting. If set to YES, your site will not reject passwords like "password" or "123456", which are the first to be tried in a breaching-attempt. If set to NO (recommended), your users will not be able to use such passwords, or any other of the more than 4 billion breached passwords.
Check on login
You may want to check current passwords or email addresses for breaches, just to assist your users in keeping their private data secure. This is only ment to be used for a limited period of time after you first activate the plugin. It makes for bad user expirience, if you tell them over and over again, that their email address is found in the Adobe or LinkedIn breaches.
Show message for old password
If a user changes his current password to a new one, the plugin checks the new one, if it is found in known databreaches. However, at this point, the plugin cannot also check the old password, as this is not stored in plain text of course. So you might want to assist your users by providing them the possibility to check their old password directly. This message contains a link to the "Have i been pwned?" website.
Show 'more info'
If you activate this option, an additional notice will show up with a link to an article within your website. You can use this to explain a little bit about what is going on here (and how your users profit from these security messures you took).
Article with 'more info'
Select the actual article with this (above mentioned) more infos.
API URL and version
We included these as configuration settings here, just in case Troy will move his website or develop yet another version of the API. You don't need to worry about those settings.
Debug
In case of issues, you can activate this setting. It will produce a number of additional messages with various data, in order to pin down any problems. Usually, you should leave this to NO
Allow pwned passwords?
This is probably the most important setting. If set to YES, your site will not reject passwords like "password" or "123456", which are the first to be tried in a breaching-attempt. If set to NO (recommended), your users will not be able to use such passwords, or any other of the more than 4 billion breached passwords.
Check on login
You may want to check current passwords or email addresses for breaches, just to assist your users in keeping their private data secure. This is only ment to be used for a limited period of time after you first activate the plugin. It makes for bad user expirience, if you tell them over and over again, that their email address is found in the Adobe or LinkedIn breaches.
Show message for old password
If a user changes his current password to a new one, the plugin checks the new one, if it is found in known databreaches. However, at this point, the plugin cannot also check the old password, as this is not stored in plain text of course. So you might want to assist your users by providing them the possibility to check their old password directly. This message contains a link to the "Have i been pwned?" website.
Show 'more info'
If you activate this option, an additional notice will show up with a link to an article within your website. You can use this to explain a little bit about what is going on here (and how your users profit from these security messures you took).
Article with 'more info'
Select the actual article with this (above mentioned) more infos.
API URL and version
We included these as configuration settings here, just in case Troy will move his website or develop yet another version of the API. You don't need to worry about those settings.
Debug
In case of issues, you can activate this setting. It will produce a number of additional messages with various data, in order to pin down any problems. Usually, you should leave this to NO
Ruediger Schultz
Schultz IT Solutions
Please support jDBexport on JOOMLA Extension directory (JED) at
extensions.joomla.org/extensions/extensi...ta-reports/jdbexport
The topic has been locked.