I love Silverstripe and I am in the process of moving my current Drupal 7 site to SS. However, I have some concerns.
I am attempting to lock down the security of my site (any theme) by changing the login to require a captcha field as verification to avoid spam and bots. I do not want any anonymous user to be able to access administration pages without a valid human login. I have done this successfully with the Contact Us form. The captcha field works very well with no problems.
However (and much to my surprise), no such security is required for the member login for "site/admin/#" (pages, etc.) or "site/Security/login". As long as a username (email) and password are passed, all the sensitive areas of the site are exposed. This is a security mentality that is decades old and not sufficient for today.
I have attempted to add the captcha field to the member login by creating a custom LoginPage.php and using an override in _config.php.
I was unable to make the override work at all.
Question #1: Why this short-sighted omission at this point in time?
Question #2: Can we expect security to be improved in the next release?
Question #3: In the meantime, how do I override the current login form to use a more secure custom login?
Question #4: Is there an add-on I missed somewhere that does what I am looking for?
- AD5XJ