On an API Portal software installation, the Apache web server has TLS versions 1.0 and 1.1 enabled in addition to the TLS 1.2 that API Portal uses. Because TLS 1.0 and 1.1 have security vulnerabilities, it is recommended to disable them.

To check which TLS versions are enabled, scan your API Portal port. By default, API Portal uses port 443 for secure connections:

    sslscan :

To disable TLS 1.0 and 1.1, open the following file: /etc/httpd/conf.d/nf
Add the following SSL protocol definition for the secure connection:

    SSLCertificateFile "/etc/httpd/conf/server.crt"
    SSLCertificateKeyFile "/etc/httpd/conf/server.key"
    Header always append X-Frame-Options SAMEORIGIN

Run the sslscan again on your API Portal port to check that TLS 1.0 and 1.1 have been disabled.

Protect Joomla! from direct Internet access

To counter a session fixation vulnerability in Joomla!, it is recommended that you protect the Joomla! Administrator Interface (JAI) from direct Internet access.

Open the /etc/httpd/conf.d/nf file.
Add an access restriction directive for the /administrator location. Specify the internal IP address range that is allowed to access JAI.
To restart the web server configuration, enter the following:

    # /etc/init.d/apache2 reload

If you did not choose to encrypt your database password during the installation process, you can use the apiportal_db_pass_encryption.sh script to encrypt the password at any time. The script is available both from API Portal installation and upgrade packages.

To encrypt your database password, run:

    # sh apiportal_db_pass_encryption.sh

You will be prompted to enter a passphrase and your database password. The script uses the passphrase to encrypt and decrypt the database password on each connection request. The database password is stored encrypted in the /configuration.php file. Only the password is decrypted on each connection request, not the whole payload, so no significant performance impact is expected.

Note that if you encrypt your database password, you cannot use the database secure connection option.

This section shows how you can update an encrypted database password.

Change the database password in your database server.
Run the apiportal_db_pass_encryption.sh script and provide the new database password to use.

Update an encrypted password to plaintext password

To update an encrypted password to plaintext password:

Locate the line that starts with public $password = and replace its value with the plaintext MySQL password. Be sure to follow PHP quoting rules for any special characters in the password.
Locate the public $dbtype = 'mysqli_encrypted' line and replace it with public $dbtype = 'mysqli'.

To encrypt your plaintext password, see Encrypt database password.

Limit the number of failed login attempts

To protect API Portal and Joomla! from brute force attacks, you can limit the number of failed login attempts that API Portal or Joomla! allows:

In the JAI, click Components > API Portal > Login Protection.
Click Yes to enable login protection for API Portal.
Enter a value for the number of failed login attempts before a ReCaptcha is displayed.
Enter a value for the number of failed login attempts before the user account is locked.
Enter a value, in seconds, for how long the user account is locked.
Click Yes to enable locking by IP address.
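
The Apache hardening steps on this page (TLS 1.0 and 1.1 disabled, X-Frame-Options set, /administrator restricted to internal addresses) can be checked offline against a copy of the configuration file. The following is an added example, not part of the Axway documentation or its scripts. It assumes the SSLProtocol directive and a <Location /administrator> block with Require ip as the directive forms, which the page does not show, and it runs on constructed sample configs.

```python
import re

ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}

def directives(conf):
    """Yield (lowercased name, args) per line, skipping blanks and # comments."""
    for raw in conf.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def enabled_protocols(conf):
    """Evaluate SSLProtocol like mod_ssl: "-" removes, "+" adds, a bare token replaces."""
    tokens = "all -SSLv3"  # Apache 2.4 default when no SSLProtocol line is present
    for name, args in directives(conf):
        if name == "sslprotocol":
            tokens = args  # a later directive replaces an earlier one
    enabled = set()
    for tok in tokens.split():
        sign, proto = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if proto.lower() == "all" else {p for p in ALL if p.lower() == proto.lower()}
        enabled = enabled - group if sign == "-" else enabled | group if sign == "+" else set(group)
    return enabled

def admin_restricted(conf):
    """True if a <Location /administrator> block carries a Require ip rule (assumed form)."""
    block = re.search(r'^\s*<Location\s+"?/administrator/?"?\s*>(.*?)</Location>', conf, re.S | re.I | re.M)
    return bool(block and re.search(r"^\s*Require\s+ip\s+\S", block.group(1), re.M | re.I))

def audit(conf):
    """Return hardening findings for one flat (single virtual host) config text."""
    findings = []
    weak = sorted(enabled_protocols(conf) & {"SSLv3", "TLSv1", "TLSv1.1"})
    if weak:
        findings.append("weak protocols enabled: " + ", ".join(weak))
    if not any(n == "header" and "x-frame-options" in a.lower() for n, a in directives(conf)):
        findings.append("X-Frame-Options header not set")
    if not admin_restricted(conf):
        findings.append("/administrator not restricted by Require ip")
    return findings

# Constructed sample configs, not taken from an API Portal installation.
BEFORE = 'SSLCertificateFile "/etc/httpd/conf/server.crt"\n'
AFTER = BEFORE + """SSLProtocol -all +TLSv1.2
Header always append X-Frame-Options SAMEORIGIN
<Location /administrator>
    Require ip 10.0.0.0/8
</Location>
"""
```

Calling audit() on the text of the real configuration file returns an empty list once all three settings are in place; a live sslscan run remains the check of what the server actually negotiates.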