Everything posted by siteAdmin

  1. There are many reasons why a system (client portal in the case of Blesta) should have a UNIQUE email address. One simple reason is "When one recovers the password". This is a security measure. An Admin (or Staff) may by mistake duplicate email addresses while creating clients. To avoid this the email address should be unique. There are several other reasons too. ********************* In fact I was not checking this email address thing purposely. I came across this accidentally while trying to check functions of various other inputs in order to develop a plugin for a particular project. But this finding is unexpected.
  2. Hi Dev Team, Since I am new to Blesta I started testing the v3.6.2 for two reasons. 1) I wanted to get it customized for our business 2) Check bugs/security if any. I started testing Blesta on a localhost (laptop) with a trial license. To my surprise I found that two clients can be created from Blesta Admin Panel with the same (identical) email address. I tested this with the clients' other data different from one another, all but the email address. This is not acceptable. It should NOT be like that. Can someone from Dev Team explain this to me? Thank you in advance. P.S. I can check this myself. Would appreciate if Dev can pm me the names of the files related to Admin Creating a Client, as I am busy at the moment and don't have time to study all coding in Blesta. Thanks again.
  3. Thanks for the reply. Do you mean to say that I need to get a paid license for localhost on my laptop and then re-apply for the production domain? But one needs to do all the testing locally before putting them on a paid server.
  4. Hi, I just installed ver.3.6.2 on localhost for testing purposes. Could someone tell me how to get a license for localhost? I get an error. QUOTE: Sorry, a trial has already been issued for this domain and is no longer valid. To obtain a new trial key, please contact sales@blesta.com. If you'd like to purchase a license, please visit www.blesta.com. UNQUOTE: Thanks in advance.
  5. 1) Can the trial version be hosted on local http://localhost/blestatrial - is a license required? (With IonCube loaders of course!) 2) Can Blesta Trial be installed on subdomain.example.com (for testing) and example.com (production) with a single license? Thank you in advance.
  6. Well, I have not yet seen the database fields of a Blesta db. Once the v4 is released I shall get one and see how best it can be customized to implement MariaDB's data-at-rest encryption method. Having the key stored in the config file is not going to do much in today's hackers' world.
  7. Re MariaDB data-at-rest encryption or AWS Key Management Service, one can select the tables/spaces either to be encrypted or not. So, if that can happen on Blesta then there won't be any chance for any hacker to change db content. It is possible that someone can delete the data but not read it. The AWS KMS can rotate the keys and they are kept away from the app, so making it impossible to crack.
  8. @Paul Thanks for the reply. Yes, it is related to the db encryption and there is one good advantage (over AES encryption/decryption) on that feature. Don't want to go into too many technical details here as it is a server security related issue. BTW, does Blesta have a feature to encrypt all the fields or just a few selected fields by default? However, I have noticed that custom fields do have the option to encrypt. And one more question. Can these custom fields (whether encrypted or not) be included in webhooks?
  9. @Licensecart Thanks for the reply. Any idea on Q's 2 & 3?
  10. Hi to all Blesta fans, This is my first post. I am here because I have read a lot about the Blesta security features and am interested in purchasing one soon. Obviously I have many questions. But my main questions are 1) if V4 will support MariaDB 10.1.18 and 2) if V4 will have any feature to support MariaDB's data-at-rest encryption OR AWS Key Management Service. Thank you.