Announcement

Collapse
No announcement yet.

Taking EspoCRM Public

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Taking EspoCRM Public

    We now have a requirement to make EspoCRM public-facing so that any of our users can log into the system from around the world.

    I have read posts which question the security of the EspoCRM system so I was wondering, how have other users handled this situation?

    We are running on a Linux server with Apache. Given that EspoCRM does not uses a 2FA authentication system, I'm looking at using something like Google Authenticator as the initial blocker for external requests to the site.

    Can anyone share their experiences, please?

  • #2
    I decided in the end to push forward and enable Google two-factor authentication for Apache.

    It requires a bit of set up first and uses the Google Authenticator app to authorise the sign in attempts.

    For reference, here the is repo which I used: https://github.com/itemir/apache_2fa

    Comment


    • #3
      TOTP 2 factor auth is planned for the future. Maybe the next minor release.

      Comment


      • #4
        Originally posted by yurikuzn View Post
        TOTP 2 factor auth is planned for the future. Maybe the next minor release.
        Amazing! I'd love this feature too.

        Comment


        • #5
          It's already done. For 5.7.0 release.

          Comment


          • #6
            Thanks Yuri... great

            Comment


            • #7
              Originally posted by yurikuzn View Post
              It's already done. For 5.7.0 release.
              Fantastic. Thank you.

              Comment


              • #8
                I've just merged the GitHub TOTP changes with the latest 5.6.9 release of EspoCRM.

                I've enabled TFA for the "admin" account and having used the Google Authenticator app to scan the QR code and generate the TFA code, I can confirm that I can NO LONGER log in via the admin user name.

                The "please wait" banner appears and when I check with Google's developer tools, I can see an "authorization failed" message in the JS console.

                Comment


                • #9
                  Sorry, but it is not supposed to be merged with 5.6.9. I don't have time to investigate this.

                  Comment


                  • #10
                    I would like to thank you for the efforts you have made in writing this post. Thanks for posting Really Such Things. I should recommend your site to my friends.

                    Comment

                    Working...
                    X