Security

General Tips

  • run Teedy on the intranet
  • use SSL
  • configure apache2 to block /api/app, whose JSON output discloses information such as the version in use, the user count, etc.

# Deny the info endpoint itself.
# AllowOverride is only valid inside <Directory>, so it is not used in <Location>.
<Location "/api/app">
    Order deny,allow
    Deny from All
</Location>
 
# Keep the sub-paths below /api/app/ reachable
<Location ~ "/api/app/.*">
    Allow from All
</Location>
 
# Redirect /api/app/ to /api/app (and likewise for other trailing-slash URLs).
# Otherwise /api/app is blocked but /api/app/ is not.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [R=301,L]
  • enable 2FA for each user account
  • change the admin username to something else
UPDATE t_user SET use_username_c = 'yournewusername' WHERE use_username_c = 'admin';

On Linux you can use QtQR (https://wiki.ubuntuusers.de/QtQR) to import a QR code image from the desktop, in case you just want to generate TOTP tokens with tools like KeePassXC. Run qtqr and select "Decode from File" to open the QR code image.

apt install qtqr
qtqr #run the app
