Support Forum

[victor]

Hello,

Trying the 'remember me' checkbox I have seen that the trackstudio cookie show the user password raw, this is: without encription... this is a hard security lack I think...

Thanks,

PD: Can I install the new 2.8 release in my production server and do the transdata?

[admin]

Hello,
Trying the 'remember me' checkbox I have seen that the trackstudio cookie show the user password raw, this is: without encription... this is a hard security lack I think...

Yes, we need unencrypted password to authenticate via LDAP, we can't give password hash to the LDAP server. Of course, we can implement some two-way encryptions, but it has so much sense - current solution less comfortable, but fair.

PD: Can I install the new 2.8 release in my production server and do the transdata?

I suggest you following before install on production server (we use similar procedure for TrackStudio Host):
1) Backup your database
2) Restore it to different database (You use MSSQL ? It should not be complex task).
3) Upgrade you new database
4) Substitute gr_user.user_email with your or empty e-mail.
5) Try it on your real data for a day or two.
6) If all goes OK for you - upgrade live database.

Another reason for such upgrade procedure - I am a little distracted at the moment, as I have a new 3 day old son (my first child) and can't fix bugs fast, especially until next week.

[victor]

Yes, we need unencrypted password to authenticate via LDAP, we can't give password hash to the LDAP server. Of course, we can implement some two-way encryptions, but it has so much sense - current solution less comfortable, but fair.

I dont understand 'but...'?

[admin]

Yes, we need unencrypted password to authenticate via LDAP, we can't give password hash to the LDAP server. Of course, we can implement some two-way encryptions, but it has so much sense - current solution less comfortable, but fair.

I dont understand 'but...'?

Sorry, "but current solution is fair".

[victor]

Another reason for such upgrade procedure - I am a little distracted at the moment, as I have a new 3 day old son (my first child) and can't fix bugs fast, especially until next week.

Ops! I didn't read your message completely before my first reply... CONGRATULATIONS! :)

[admin]

Another reason for such upgrade procedure - I am a little distracted at the moment, as I have a new 3 day old son (my first child) and can't fix bugs fast, especially until next week.

Ops! I didn't read your message completely before my first reply... CONGRATULATIONS!

Thank you

[victor]

Another reason for such upgrade procedure - I am a little distracted at the moment, as I have a new 3 day old son (my first child) and can't fix bugs fast, especially until next week.

Ops! I didn't read your message completely before my first reply... CONGRATULATIONS! :)

Thank you :-)

Photographs? ;)

[admin]

Another reason for such upgrade procedure - I am a little distracted at the moment, as I have a new 3 day old son (my first child) and can't fix bugs fast, especially until next week.

Ops! I didn't read your message completely before my first reply... CONGRATULATIONS!

Thank you

Photographs?

I have yet, but I hope...

[greg]

I am a little distracted at the moment, as I have a new 3 day old son (my first child)

Congratulations!

[greg]

Yes, we need unencrypted password to authenticate via LDAP, we can't give password hash to the LDAP server. Of course, we can implement some two-way encryptions, but it has so much sense - current solution less comfortable, but fair.

Perhaps this can be the first development project for your new son.