Easy!Appointments processes customer contact data and booking details. Hardening should prioritize rapid patching, secure staff authentication, and strict protection of public booking APIs.
- Upgrade promptly to current stable releases.
- Track known vulnerabilities (for example CVE-2022-0482 was fixed upstream).
- Validate API permission behavior after each update.
- Keep PHP and web server packages patched alongside app updates.
¶ 2) Harden staff authentication and directory integration
- Use LDAP integration for centralized staff/admin account control.
- Prefer LDAPS/StartTLS for directory authentication transport.
- Use read-only bind accounts and rotate bind credentials.
- Restrict admin panel access by trusted network ranges.
¶ 3) Protect booking endpoints and customer data
- Add rate limiting on booking and login endpoints.
- Restrict CORS/origin settings to expected domains.
- Encrypt backups containing customer and appointment data.
- Apply strict DB permissions and keep DB service private.
- Easy!Appointments documentation: https://easyappointments.org/documentation
- Easy!Appointments source repository: https://github.com/alextselegidis/easyappointments
- Easy!Appointments security policy: https://github.com/alextselegidis/easyappointments/security
Any questions?
Feel free to contact us. Find all contact information on our contact page.