About skizzerz

IPS Marketplace

  • Resources Contributor
    Total file submissions: 2


  1. It only blocks spam on the “Contact Us” form when it’s configured to send submissions to a Commerce support department as well as spam submitted via a regular Commerce support request. It does not run on user registration nor on forum posts or other content. I could look into extending Akismet into other areas of the suite; get in touch via PM if you’re interested in that.
  2. You missed the second half of what I wrote: "Use HTTPS for your API calls and ensure that the server's certificate is strictly validated." If the customer is able to easily reroute it to another site, you are likely failing the second prong of that message. Strict validation means that 1. the hostname/SAN in the certificate matches the host you are trying to reach, 2. the certificate chains up to a trusted CA, and 3. there are no expired or revoked certificates in the chain. You may need to explicitly opt in to this strict validation in your REST library; consult the documentation for more det
  3. It is impossible to completely prevent this, because the customer can always control what code is running on their machine. Below are some common ways to help protect client applications however. None of these are 100% effective (because it is impossible to be 100% effective), but are more to "keep honest people honest" -- that is, someone who wants to break your licensing will figure out a way to do so. People who are curious but see the roadblocks will be more likely to give up, however. Encoding/obfuscation of source code Use HTTPS for your API calls and ensure that the server's
  4. Custom indicates that the plugin was not downloaded/installed from the Marketplace. If the plugins exist in the Marketplace, you can map them over. There should be a notification in your Admin CP for "Marketplace Setup" -- go ahead and run that.
  5. Version 1.0.0

    1 download

    This plugin adds Akismet spam filtering to incoming Commerce support requests, including support requests created via the Contact Us form. This helps keep your support desk (and notification inbox) clear of clutter, even if the spammers are adept at bypassing CAPTCHAs. Features Activate spam filtering on a per-department basis. Control what happens when a support request is spam: you can either discard it entirely or create it with the Spam status instead of Open. Either way, your support desk staff will not receive any notifications. Flag false negatives and false posit
  6. The disabling PHP functions bit is pure security theater and does not increase the security of your site. If an attacker is capable of running arbitrary PHP code on your server due to some vulnerability, it's already game over. Restricting those functions does not in any way, shape, or form prevent them from doing whatever it is they want to do. Using functions that are required to be enabled just to make pieces of Invision Community function, an attacker can read/write files, read/write the database, and open sockets (network connections). The combination of these is plenty to establish a per
  7. Uploaded version 1.1.0 which brings the ability to modify what identifier is being associated with the Duo enrollment (member id, display name, or email address). Please see the changelog for full details on the implications of changing this setting. Additionally, both 1.0.0 and 1.1.0 have been tested on and work for Invision Community 4.4.
  8. Tested v1.0.0 on 4.3 and everything appears to work correctly, so I'm marking the existing version as compatible.
  9. Sorry I somehow missed this... I'm following the topic yet seemed to have missed the email. Anyway, yes, this works for Admin CP logins in addition to regular logins, just like the built-in multifactor auth schemes.
  10. This is the support topic for Duo Authentication. https://invisioncommunity.com/files/file/8811-duo-authentication/
  11. Version 1.2.0


    Duo Authentication lets you add Duo as another Multi Factor Authentication (MFA) option. Duo is a paid service with a limited free tier (up to 10 users) which allows centralized management of all authorized users. Setup Instructions Upload the plugin XML file to your Admin CP to install it. Sign up for an account at Duo: https://signup.duo.com/ On your Duo dashboard, create a new "Web SDK" application. See the screenshot above (with 3 arrows and numbers) for an image of how to do this. Make a note of the Integration Key, Secret Key, and API Hostname. Additionally,
  12. I highly doubt IPS would be willing to shell out tons of money every month to $RANDOM_DEVELOPER. Also, how would renewals work? Or do you only get whatever version was offered for free and if you need to upgrade you gotta pay for it?
  13. The only two places I know of with official documentation are that site you just linked and what is available by clicking the "Help" link on the footer of every IPB site (for example: http://community.invisionpower.com/index.php?app=core&module=help). Beyond that, if you have questions or are confused about something you might be able to find the answer by searching here or by just asking :smile: If something isn't intuitive to you, also consider opening a feedback thread in the appropriate forum. While there are no guarantees anything will be done with that feedback, at least it'll be ou
  14. Consider this (possibly quite common) workflow if what you ask for gets implemented: 1. User opens support ticket, and in process of getting support adds suggestion for improvement 2. Support staff creates new topic on feedback forums in appropriate area and alerts user 3. User doesn't use the forums at all, so doesn't bother checking back on the topic once there aren't any replies after a day (or maybe even after a couple hours), if they even check to begin with 4. Someone posts a reply after that period asking for clarification or some other sort of response that requires more knowledge
  15. All developers have the ability to get the email addresses of those who purchased their files (only for paid files, not free downloads). However, that information may only be used to provide support to the customers. The fact that your email address is being collected and available to the developer of the file you purchase is right in the purchase terms: "By purchasing a paid file your email address will be revealed to the author of that file." (last sentence of 3rd paragraph). There is no need to state on an application description that emails are being collected because it is global across a