Jump to content
BUY ANY PRODUCTS FROM OUR STORE AND GET 10% OFF USING COUPON CODE 10%Off IN THE CHECKOUT ×

Sticky Notes

TIred of boring messages spread across your board?

Then liven it up by downloading Sticky Notes

Not only can you pick and choose what user groups to show them to, you can even allow your members to send personal sticky notes to other members

TheJackal TheJackal
Flash Modding
Sign in to follow this  
FlashBot

4.5: Security Enhancements

Recommended Posts

security.jpg.f83288298992e90aba941661309c97b4.jpg

Although we continuously review security within Invision Community, a major release such as 4.5 allows us to be especially proactive when it comes to keeping your community safe.

This blog entry outlines several enhancements to improve security in Invision Community 4.5.

Password Handling
Keeping your member's passwords secure is the simplest way to keep accounts safe and out of the wrong hands, so it makes sense to look at ways to ensure this doesn't happen.

Invision Community already uses strong one-way hashing when storing passwords, which means that once the password is stored in the database, there is no way to know the plain text version.

However, when creating a new member account via the AdminCP, a random password was created, and this was sent in the welcome email to the new member's email address.

As of Invision Community 4.5, this no longer happens, and the new member is invited to create a new password when visiting the community for the first time.

set-own-password.jpg

Part of your internal security procedures might be to force a reset of all passwords periodically. Invision Community 4.5 allows this on a per-member basis, or via a selection of filters to enforce a reset for many members at once.

Password-reset.jpg

This clears out any stored password hashes and emails the affected members to remind them to set up a new password.

email.jpg

AdminCP Security
The Admin Control Panel contains the most powerful tools available to Invision Community. This is already a very secure area with a separate login with an option to add two-factor authentication to the login flow.

Part of the session authentication has been a special key in the URL. While we have protection in place to prevent this special key being discoverable by a malicious user, there remains an incredibly remote theoretical chance that this could happen with a series of complicated steps. There was an additional annoyance that you are unable to share links within the AdminCP to members of your team due to the increased protection to keep URLs safe.

As of Invision Community 4.5, we have removed the special key from the URL and moved it elsewhere in the session authentication flow. This means that it's impossible to fetch the special key via the URL and links can now be shared and will survive a login action.

Text Encryption
There are a few areas within Invision Community that we use text encryption to allow us to save data in the database in a format that is encrypted when saved and decrypted when read. This protects you in the incredibly remote event of your own hosting being compromised and your database downloaded (of course, our Community in the Cloud customers do not need to worry about this!)

Invision Community 4.5 improves on this encryption by using PHP's built-in methods which give "bank-level" security to our encryption.

Security is critical to the success of your community, and we are always proactive in improving security throughout Invision Community.

Do you have any comments on this entry? Let us know below!

View the full article

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

Demo Chatroom

  • By TheJackal

    You not got it still in PM?


  • By Chubbs

    Okay, where do I send it?


  • By TheJackal

    You can send it to the paypal account if you want and I'll manually approve it again


  • By Chubbs

    no it's just this site

     


  • By TheJackal

    Must be something with your account on there, I just tried with my personal account and it shows up to use the balance


  • By Chubbs

    USD

     


  • By TheJackal

    whats your paypal currency $$$ ?


  • By Chubbs

    but it only does it with this website.


  • By Chubbs

    I do


  • By TheJackal

    do you have a credit / debit card linked to your paypal?


  • By Chubbs

  • By Chubbs

    and it's the card I don't want to use when I have the money in my balance.

     


  • By Chubbs

    tells me I have to use a credit card

    and not my balance.,


  • By TheJackal

    what it happening when your trying to pay? whats the error / refusal message?


  • By Chubbs

    @TheJackal Can I send you the 15 it still isn't letting me pay you via my account balance.


  • By Chubbs

    @thejack


  • By Terrry

    Okay, I'll wait until you're free


  • By TheJackal

    Yes sorry been really busy


  • By Terrry

    Hi, are you all right?


  • By Terrry

    Of course, it is absolutely not urgent. Thank you


  • By TheJackal

    I'll need to check the code etc, I'll be online in a couple of hours so I'll check then


  • By Terrry

    Hi, do you have the opportunity to read my PM? ☺️


  • By TheJackal

    Yeah I am here sorry been busy


  • By Terrry

    @TheJackal Hi are you there?


  • By Terrry

    @TheJackal I answered your PM, and entered a question and suggestion. If you want to read, let me know


  • By TheJackal

    I can give you a link to pay to if needed and I will mark the invoice as paid manually


  • By TheJackal

    Is it maybe the currency?


  • By Chubbs

    I have plenty in my paypal.


  • By TheJackal

    Have you checked you paypal balance? maybe you have pending what'll put your balance below the price of the item?


  • By Chubbs

    in the pay with option

     


  • By Chubbs

    I can only use a card I have on paypal

     


  • By TheJackal

    whats it saying?


  • By Chubbs

    yes, I tried to buy but unfortuanly it won't take my paypal balance :/


  • By TheJackal

     


  • By Chubbs

    Where can we buy the sports betting app at?


  • By TheJackal

    @Terrry check your PM


  • By Terrry

    P.S. Just for information, I made you that request because I use a dark theme of IPSFocus and the nickname of the author and the button for sending, they appear white, with the result that they are almost not seen (in the default theme, yes they visualize well because it's a clear theme) -
    Otherwise to be able to view them, I would have to change the background color of the sticky note, but I like that default yellow color and I wouldn't want to change it


  • By Terrry

    Thanks


  • By TheJackal

    will check it out when I get back online for you mate


  • By Terrry

    Hi, how can I change the color of the author of the sticky note and also the button for the reply?  https://i.ibb.co/SnxRDKT/2020-01-27-152823.png


  • By walterwhite

    Thanks, kind regards


  • By walterwhite

    Hello sir! I did everything but the time delay feature in membersshop plugin does not work. Everything was working fine when I first bought it, but why can't I use it now? Detailed information: When the product is purchased, it automatically purchases. so the time interval I put does not work. I removed the plug and reinstalled it, but it doesn't fix it. My server company said there was no problem with the server.


  • By Terrry

    Of course, thanks. If necessary, I will definitely let you know


  • By TheJackal

    let me know if you want anything else, I can sort you out deals here :D


  • By Terrry

    Great thanks. I'm going to buy it now


  • By TheJackal

    @Terrry it's updated now, I forgot to do that one, it was only a missing language string anyway as the difference


  • By Terrry

    @TheJackal Hi, I want to buy Sticky Notes. On the Marketplace I read that the version is 2.3.1 while here 2.3.0. Did you forget to update it or are they different?



  • By Terrry

    Thanks, thanks, thanks


You don't have permission to chat in this chatroom
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.