Support

Admin Tools

#25052 keeping session and security

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 02 June 2016 17:20 CDT

user87850
Hi,

Joomla allows to keep session in database or use PHP - then it keeps it on the server.
Can you say what is better from security reasons and Admin tools configuration? 

tampe125
Akeeba Staff
Hello,

as far as I can tell, the best thing is to use the default option, database storage.
Honestly I don't know how much the session package is tested vs other options, if you want to be safe I'd suggest you to stick with the database.
For your information, with release 3.5.0 of Joomla, the entire session package was rewritten, and there are no security issues for the session.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user87850
O, thanks for the information. That's big point for keeping session in database.

I have other question - do you plan for Admin tools disabling some unused options like: IP autban, Black list, WAF exceptions. Fo r now even if I don't use it is executed and produces database query. Some other options already have such "switch".

tampe125
Akeeba Staff
Currently there's no switch to turn it off. However since it's an "empty" query, its impact is very small.
I'll get in touch with Nicholas about it, but I don't know if there's any advantage to add more switches.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user87850
Hi,

I have my humble suggestions as I'm not PHP programmer ;-)

I traced plugin's code and you run 44 files that havie differnt features. Because you scan the directory you have to execute all that files and each file has to respond if the feature is enabled or not. Moreover - a few of them executes queries even if not enabled. All together costs some time, on my hosting executing this plugin costs maybe 40-50 ms. I don't have PHP 7 so far :-)

I did a test - I moved all feature files that I don't use into other directory (I called it: "disabled") and left only 22. Then I ran page again an the gain was:

- 3 SQL queries less
- 10 ms server time less

I know this is not much but if you have shared hosting which have ups and downs sometimes any extra code can be turned into 2,3 times more miliseconds. And if you have very busy page these 10 ms are multiplied.

So very easy way to speed up Admin Tools Front End plugin is: when user configure features on backend and does not set some feature or disable it just move the file to "disabled" directory or change the file name from ".php" to ".dis" then not include it in scanning each page execution.

This is just a suggestion, as I wrote - I'm not programming in PHP, however working as IT staff.

tampe125
Akeeba Staff
If you want to disable ip autoban or blacklist, you can turn it off in the WAF configuration page. This means that the only missing switch is the WAF
As you can easily image, every extension added to a bare minimum Joomla installation will slow it down. The improvements you are talking about are irrelevant: if the network slows down a little, all your changes are completely lost.
So there are practical no advantages to actually disable features, you are just making the whole component more complicate.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user87850
Can you writ e how to turn off IP autoban and Blacklist? When I did it still queries are being executed. Sa I assume it is not to be turned off completely

tampe125
Akeeba Staff
Configure WAF, First tab, Disallow site access to IPs in Blacklist .
Again, I think you are wasting time on micro-optimization: queries performed by Admin Tools are heavily optimized and they really take few milliseconds, moreover if the table is empty they just take basically no time. If you really want to improve the speed of your site in a sensible way, upgrade your PHP to version 7 and lower the amount of data sent by the server to the user.
There's no point on lowering the time spent by the server to render the site, if a single page weights several Mb.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user87850
I'll see this again. For now have no more questions.

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!