I recommend a few items.
1) Use https. There is a parameter in the config to require https and it won't let you login without it.
2) We use Web Server authentication as a first step (before individual application logins). This at least prevents brute force attempts on the webERP login screen
3) you can use .htaccess to redirect when necessary if the correct address isn't entered but my install defaults to the login screen when entering the directory
1- Do i need to by an SSl certificate from my host to us https?
2- Would you have any .htaccess sample that i could use?
3- Could you elaborate on Web Server authentication?
Thanks,
Joe
(04-16-2015, 12:03 AM)agaluski Wrote: I recommend a few items.
1) Use https. There is a parameter in the config to require https and it won't let you login without it.
2) We use Web Server authentication as a first step (before individual application logins). This at least prevents brute force attempts on the webERP login screen
3) you can use .htaccess to redirect when necessary if the correct address isn't entered but my install defaults to the login screen when entering the directory
Yes, An SSL certificate is required to use https. Your hosting company can help you with that.
What web server are you using (Apache, IIS, Other).
If you include your hosting company and or Control Panel type may be able to help you find where to setup the authentication
I can get an SSl certificate from my hosting. No issue. They will help to setup.
I believe we are on Apache...
I tried to send you an email from your profile, but was not authorized. Is it possible to send you the info on private email?