Search found 148 matches

Search found 148 matches

Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

My modification has been updated, please see git discussion for details and download.

Jump to post
  • Tue Jan 28, 2025 3:59 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

i meant there's bit of a difference between and admin that is just downloading and uploading extensions, that could make use of version control on their addons compared with and admin that could be reading and editing this one source file to see that comment...

Jump to post
  • Thu Nov 21, 2024 3:41 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

well this will be handy, i can move the ocmod's ive bought and installed out of the db and into files, pity this option isnt a setting in oc mod to install that way instead of the db, to make this option known about and used

Jump to post
  • Wed Nov 20, 2024 8:24 pm
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

Why on earth not? Of course you can use Git with it if you want. Nope, you can put the file in one of the root dirs and it gets applied automatically. No wonder you hate it if you've been reinstalling after each change :laugh: but the mod is stored in the db ? can you plz explain more ?how can it b...

Jump to post
  • Wed Nov 20, 2024 3:29 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

what do you have against OCMod? as a pure user its fine, but if you want to edit a mod or develop one, it just gets in the way, no source control possible, no syntax highlighting/editor available when modding, having to reinstall each time change made or edit direct in db and a new one since this t...

Jump to post
  • Thu Nov 07, 2024 2:14 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

ADD Creative wrote:
Wed Nov 06, 2024 8:21 am
You can edit the Twig templates in the admin by going to Design -> Theme Editor. The edited templates are stored in the database.
right... never looked in here, so can twig be used to do get code execution / modify files ?

Jump to post
  • Wed Nov 06, 2024 10:33 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

Ah OCMOD, (i dont like it) I totally forgot that, as I use vqmod for everything when possible Re twig, you cant edit them from the admin can you ? paul, yes, plz read my correction above ive certainly had some extensions with obfuscated code, its annoying, but i can understand the dev doing it (sour...

Jump to post
  • Wed Nov 06, 2024 5:06 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

Ive been thinking about this some more, and i think i might have to take back what i said about if someone has admin they can likely only mess with the db. There is the extension installer ... So someone could make a custom extension and then install it and then be able to edit files / get code exec...

Jump to post
  • Tue Nov 05, 2024 1:42 pm
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

So this is my point, admin is only there to edit the database , and protecting the admin is just protecting the database, and if you have a compromised db by othermeans, someone having admin access on top of that is not really going to be any worse.

Jump to post
  • Fri Oct 25, 2024 3:40 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

OK, so why encrypt the secrets? What's the scenario that it would help?

Jump to post
  • Tue Oct 22, 2024 10:02 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

So I guess this would only help if the intruder has gotten db access (eg via an injection) but not file/php access, which can happen. But if they have db access, does it really matter if they can login into the admin or not ? As protecting the admin is just about protecting the DB really, there's no...

Jump to post
  • Tue Oct 22, 2024 3:39 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

Right so you are encrypting the totp secret keys,
But where are you keeping the key for that, which is more secure than where the secret keys are kept ?

Jump to post
  • Mon Oct 21, 2024 5:53 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

So without an extra mobile device on hand, your approach won't work for desktop users? There are 2FA applications and web browser extensions for desktops. Of course if it's not tied to some sort of security key it won't be as good as using second device. id actually thought there might be, i think ...

Jump to post
  • Sat Oct 19, 2024 3:34 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

What exactly are you trying to accomplish? Also, will it work from a desktop device with a web browser like FireFox or Chrome? which bit ? this is using a mobile auth app as an extra step in the sign in process for the admin viewed in a browser So without an extra mobile device on hand, your approa...

Jump to post
  • Fri Oct 18, 2024 6:24 pm
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

khnaz35 wrote:
Fri Oct 18, 2024 2:04 pm
This is good and solid starting point when you used

Code: Select all

pragmarx/google2fa bacon/bacon-qr-code
, i would most likely also use

Code: Select all

defuse/php-encryption
what are you suggesting to encrypt ?

Jump to post
  • Fri Oct 18, 2024 6:22 pm
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

paulfeakins wrote:
Thu Oct 17, 2024 9:44 pm
haydent wrote:
Thu Oct 17, 2024 6:02 am
if an intruder has access to a users email account
If an intruder has access to your email account, you're in big trouble anyway.
it does happen, or credentials are re-used, this protects your store and is very common.

Jump to post
  • Fri Oct 18, 2024 4:05 am
  • Replies 42
  • Views 7733
Re: 2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

JNeuhoff wrote:
Thu Oct 17, 2024 7:16 pm
What exactly are you trying to accomplish? Also, will it work from a desktop device with a web browser like FireFox or Chrome?
which bit ? this is using a mobile auth app as an extra step in the sign in process for the admin viewed in a browser

Jump to post
  • Fri Oct 18, 2024 4:04 am
  • Replies 42
  • Views 7733
2FA Admin with TOTP App (google authenticator, authy etc) free vqmod

So recently had a admin account login 'leaked' and used by a 'hacker' to deface site. It made me realise once you get multiple admin users this sort of thing is inevitable. So I looked into 2FA options, as if an intruder has access to a users email account, 2fa via email is no use. OC 4 has 2 step b...

Jump to post
  • Thu Oct 17, 2024 6:02 am
  • Replies 42
  • Views 7733

Search found 148 matches