ExternalResources

ExternalResources is a core plugin that allows the system administrator to point references to some (or all) static resources at another server (on an individual basis, or all-in-one). This allows resources to be downloaded in parallel, giving a faster page load. Where the Google-hosted jQuery libraries are used, this can greatly improve load times.

The only file not supported is info.php, as the keyfile needs to reside on the same domain as the rest of PHPCredLocker.

AffinityLive Logging

A plugin for PHPCredLocker allowing a note to be registered against the relevant customer in AffinityLive whenever a customer's credentials are added, amended, viewed or deleted. The plugin currently uses AffinityLive's webform API, but will be updated to use their JSON API when it comes out of beta.

AutoAuth

AutoAuth is a PHPCredLocker plugin providing a one-click login option for certain CredTypes. By providing the relevant form IDs (presets are available), superadmins can configure a credential type to display a 'Log In' button for all associated credentials.

AutoAuth is known to work with:

  • CPanel/WHM
  • Webmin
  • WordPress
  • Drupal

AutoAuth doesn't currently work with Joomla!, as it requires a correct form token to be included in the request.

You can see AutoAuth in action in the PHPCredLocker demo.

See below for the plugin's README.

Security in PHPCredLocker

Given the sensitivity of the data inherent in PHPCredLocker's intended purpose, security has been given priority over any other consideration. If something is convenient but lowers security, it has generally not been implemented.

A number of potential attack vectors have been identified, and measures have been put in place to mitigate the risk of such attacks. These are:

  • Authentication Attempts (Brute-forcing of logins etc.)
  • Database retrieval (SQL injection etc.)
  • User Session Hijacking
  • Direct Script Access
  • Cross-Site Scripting (XSS)
  • User Error

This documentation details the measures put in place to mitigate each of these risks.

Introducing PHPCredLocker

PHPCredLocker is an open source (GNU AGPL v3) credentials locker written in PHP. Featuring strong encryption and a paranoid approach to security, the system has been designed to prioritise the secure storage of credentials over all other considerations.

I'm not an interface designer (not by a long shot) so the system has been designed to be templatable by those who know how to make things look nice!

Installing PHPCredLocker

This documentation details how to install PHPCredLocker, but there are a few prerequisites:

  • MySQL (with an empty database already created)
  • PHP > 5.2 (5.3 recommended as you can use OpenSSL instead of MCrypt)
  • SSL certificate installed (optional, but highly recommended)

So long as you satisfy these requirements, you should be ready to install. Grab PHPCredLocker from GitHub.

Extract the archive into a directory on your webserver.

Permissions

Permissions may be correct straight away, but it's unlikely. Many systems will use 755 permissions, but for security reasons we cannot allow this (do you really want to allow all users to read your crypto keys?). So set the following permissions recursively (whether by using chmod or in your FTP/File Manager):

  • /conf 760
  • /plugins 760
  • /sessions 760

Make sure the above directories (and their contents) are owned by whichever user your webserver runs as (if you use CPanel, it'll generally be the same user as you log into CPanel as). This may be nobody, apache, root (if so, you've got problems) or some other user (if you have suExec enabled).

Note: There's no reason you can't set all the PHPCredLocker files/directories to 760, but the ones listed above must be set to deny access to users who are neither the owner nor part of the owning group. You could also deny access to the group if you wished.
