Jump to content

Community

Johno2518

+Clients
  • Content Count

    12
  • Joined

  • Last visited

About Johno2518

  • Rank
    New Member
  • Birthday 11/12/1986

Recent Profile Visitors

679 profile views
  1. Hi Lindy, Please see reply in ticket, this does not negate the requirement for Transport encryption which is also lightly touched on by Anyone who packet inspects the data over that network will be able to view all content in clear text. In AWS land this is the VPC, someone can packet inspect traffic and firewall rules will not prevent this. I look forward to seeing how Invision will address this vulnerability. I've enjoyed the conversations as its great to see different aspects of the designs/implementations of the software.
  2. Hi, I have split my IPS Web App and Database server and they are hosted separately (Azure Web Apps hosting IPS app and Azure Database for MySQL). Given that data can be captured over the wire in clear text leading to secure vulnerabilities (note blocking port 3306 will not prevent someone sniffing traffic and seeing the data in clear text). The services are hosted in the same datacentre however this will not hide/fix the issue. Only hosting the web app and DB on the same server would prevent this issue. Can you please enable an option in conf_global.php to enable IPS to initiate a secure connection to the database. Not sure what function is in use however if using the PHP MySQL_connect function, the last parameter is client_flags needs to be set to MYSQL_CLIENT_SSL. However this gets implemented, I think its a critical setting required for a modern micro services design. Thanks Jonathon
  3. Hi, Could you please add the ability to hide the Qty field. Let's say i have a generic product that has a custom field that must be unique, but want the customer to be able to add multiple to the cart before check out. This feature would allow that capability. Thank
  4. +1 for Australia. Would love to see AusPost integration!
×
×
  • Create New...