There are good tools to keep passwords and URLs together, like KeePass, which is also available for the platform. Zero coding time, and still you have full control over who you give access to what part of your installation.




From: Sam Mousa []
Sent: Saturday 31 August 2013 12:12
Subject: [limesurvey-developers] Core developers / support plugin.


Hey guys,


With my customer base growing in size I'm faced with an overload of limesurvey login data.

Finding it impossible to keep track of all the details, I am spending a growing amount of time looking for specific installations' details in my mailbox.


To solve this issue I'm proposing adding a dev plugin to the set of core plugins.

Here is what I'm envisioning:


- The plugin, when enabled, adds public key authentication to limesurvey.

- Plugin configuration allows an end user to enable individual public keys.

- By default the core plugin contains a public key for each limesurvey developer (that wants his / her key to be included).

- The plugin encrypts the URL of the installation, the installation name and a user configurable description using the enabled public keys and sends them to a central server.

NOTE: Since only the developer with the corresponding private key will be able to decrypt the server information there is no way attacking the central server could leak a list of limesurvey installations. Furthermore note that any leakage would only supply a list of LS installations and no login data, ever.


- The developer uses a simple script / personal web site to decrypt the server list and can then directly click on a link that sends him to the limesurvey installation where he logs in.

This logging in is done in several steps.

1. The script / personal website asks the installation for a (random) challenge.

2. The script / personal website encrypts the challenge using the private key and sends the encrypted message and a hash of the public key to limesurvey.

3. Limesurvey checks if the public key is known / active and tries to use it to decrypt the response and obtain the challenge.



The challenge can be implemented in a stateless manner by using symmetric encryption or HMAC. Using symmetric encryption will reduce information leakage in case an attacker tries to obtain a challenge manually.


Any thoughts on this? I'm convinced this is more secure for the end user than the current approach of manually adding users to his / her system and it will definitely be easier for people (forced to) support multiple limesurvey installations.
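The three-step login and the stateless HMAC challenge described in the proposal, worked through as an added example (not code from the proposal or from LimeSurvey; written in Go rather than PHP so it runs stand-alone). The "encrypt with the private key" step is done as an Ed25519 signature, which is what that operation amounts to in practice. The installation secret, the 2-minute expiry and the challenge layout are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

var serverSecret = []byte("constructed-installation-secret") // constructed; a real install generates its own
// Step 1 (server): stateless challenge = 16 random bytes || 8-byte unix expiry || HMAC-SHA256
// over both, so the server keeps nothing between the two requests.
func IssueChallenge(now time.Time) ([]byte, error) {
	c := make([]byte, 24, 24+sha256.Size)
	if _, err := rand.Read(c[:16]); err != nil {
		return nil, err
	}
	binary.BigEndian.PutUint64(c[16:], uint64(now.Add(2*time.Minute).Unix()))
	mac := hmac.New(sha256.New, serverSecret)
	mac.Write(c)
	return mac.Sum(c), nil
}

func Fingerprint(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) } // key hash sent in step 2
// Step 2 (developer's script): sign the challenge and send signature + public-key hash.
func Respond(priv ed25519.PrivateKey, challenge []byte) ([32]byte, []byte) {
	return Fingerprint(priv.Public().(ed25519.PublicKey)), ed25519.Sign(priv, challenge)
}
// Step 3 (server): recompute the MAC, check expiry, look the key up by hash, verify the signature.
func Verify(enabled map[[32]byte]ed25519.PublicKey, fp [32]byte, challenge, sig []byte, now time.Time) error {
	if len(challenge) != 24+sha256.Size {
		return errors.New("malformed challenge")
	}
	mac := hmac.New(sha256.New, serverSecret)
	mac.Write(challenge[:24]) // nonce || expiry
	switch pub, ok := enabled[fp]; {
	case !hmac.Equal(mac.Sum(nil), challenge[24:]):
		return errors.New("challenge was not issued by this installation")
	case now.Unix() > int64(binary.BigEndian.Uint64(challenge[16:24])):
		return errors.New("challenge expired")
	case !ok:
		return errors.New("public key not enabled")
	case !ed25519.Verify(pub, challenge, sig):
		return errors.New("bad signature")
	}
	return nil
}
```

Because the server keeps no state, a captured response stays valid until the expiry passes; a production implementation would also reject a nonce it has already accepted within that window.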