Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
My modification has been updated, please see git discussion for details and download.
Jump to post- Tue Jan 28, 2025 3:59 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
i meant there's bit of a difference between and admin that is just downloading and uploading extensions, that could make use of version control on their addons compared with and admin that could be reading and editing this one source file to see that comment...
Jump to post- Thu Nov 21, 2024 3:41 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
sure, but what admin user is reading all the code
Jump to post- Wed Nov 20, 2024 11:03 pm
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
well this will be handy, i can move the ocmod's ive bought and installed out of the db and into files, pity this option isnt a setting in oc mod to install that way instead of the db, to make this option known about and used
Jump to post- Wed Nov 20, 2024 8:24 pm
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
Why on earth not? Of course you can use Git with it if you want. Nope, you can put the file in one of the root dirs and it gets applied automatically. No wonder you hate it if you've been reinstalling after each change :laugh: but the mod is stored in the db ? can you plz explain more ?how can it b...
Jump to post- Wed Nov 20, 2024 3:29 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
what do you have against OCMod? as a pure user its fine, but if you want to edit a mod or develop one, it just gets in the way, no source control possible, no syntax highlighting/editor available when modding, having to reinstall each time change made or edit direct in db and a new one since this t...
Jump to post- Thu Nov 07, 2024 2:14 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
right... never looked in here, so can twig be used to do get code execution / modify files ? Jump to postADD Creative wrote: ↑Wed Nov 06, 2024 8:21 amYou can edit the Twig templates in the admin by going to Design -> Theme Editor. The edited templates are stored in the database.
- Wed Nov 06, 2024 10:33 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
Ah OCMOD, (i dont like it) I totally forgot that, as I use vqmod for everything when possible Re twig, you cant edit them from the admin can you ? paul, yes, plz read my correction above ive certainly had some extensions with obfuscated code, its annoying, but i can understand the dev doing it (sour...
Jump to post- Wed Nov 06, 2024 5:06 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
Ive been thinking about this some more, and i think i might have to take back what i said about if someone has admin they can likely only mess with the db. There is the extension installer ... So someone could make a custom extension and then install it and then be able to edit files / get code exec...
Jump to post- Tue Nov 05, 2024 1:42 pm
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
I'm curious to learn how?
Jump to post- Sat Oct 26, 2024 6:38 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
So this is my point, admin is only there to edit the database , and protecting the admin is just protecting the database, and if you have a compromised db by othermeans, someone having admin access on top of that is not really going to be any worse.
Jump to post- Fri Oct 25, 2024 3:40 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
OK, so why encrypt the secrets? What's the scenario that it would help?
Jump to post- Tue Oct 22, 2024 10:02 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
So I guess this would only help if the intruder has gotten db access (eg via an injection) but not file/php access, which can happen. But if they have db access, does it really matter if they can login into the admin or not ? As protecting the admin is just about protecting the DB really, there's no...
Jump to post- Tue Oct 22, 2024 3:39 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
Right so you are encrypting the totp secret keys,
But where are you keeping the key for that, which is more secure than where the secret keys are kept ?
- Mon Oct 21, 2024 5:53 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
So without an extra mobile device on hand, your approach won't work for desktop users? There are 2FA applications and web browser extensions for desktops. Of course if it's not tied to some sort of security key it won't be as good as using second device. id actually thought there might be, i think ...
Jump to post- Sat Oct 19, 2024 3:34 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
What exactly are you trying to accomplish? Also, will it work from a desktop device with a web browser like FireFox or Chrome? which bit ? this is using a mobile auth app as an extra step in the sign in process for the admin viewed in a browser So without an extra mobile device on hand, your approa...
Jump to post- Fri Oct 18, 2024 6:24 pm
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
what are you suggesting to encrypt ? Jump to postkhnaz35 wrote: ↑Fri Oct 18, 2024 2:04 pmThis is good and solid starting point when you used, i would most likely also useCode: Select all
pragmarx/google2fa bacon/bacon-qr-code
Code: Select all
defuse/php-encryption
- Fri Oct 18, 2024 6:22 pm
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
it does happen, or credentials are re-used, this protects your store and is very common. Jump to postpaulfeakins wrote: ↑Thu Oct 17, 2024 9:44 pmIf an intruder has access to your email account, you're in big trouble anyway.
- Fri Oct 18, 2024 4:05 am
- Replies 42
- Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
which bit ? this is using a mobile auth app as an extra step in the sign in process for the admin viewed in a browser Jump to post
- Fri Oct 18, 2024 4:04 am
- Replies 42
- Views 7733
2FA Admin with TOTP App (google authenticator, authy etc) free vqmod
So recently had a admin account login 'leaked' and used by a 'hacker' to deface site. It made me realise once you get multiple admin users this sort of thing is inevitable. So I looked into 2FA options, as if an intruder has access to a users email account, 2fa via email is no use. OC 4 has 2 step b...
Jump to post- Thu Oct 17, 2024 6:02 am
- Replies 42
- Views 7733