| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
67263
|
Wed May 2 18:19:18 2012 |
 | Matt Newville | newville@cars.uchicago.edu | Question | Linux | 2.9.2 | Re: password protect a logbook with Apache redirect | > I don't remember the details, but originally had the same trouble. I think a "/" at the end of a url got me somewhere.
> I have defined...
>
> URL = http://somewhere.edu/elog
>
> ...in the config file, and my redirect looks like this:
>
> Redirect /elog http://somewhere.edu/elog/
> ProxyPass /elog/ http://somewhere.edu:8080/
> ProxyPassReverse /elog/ http://somewhere.edu:8080/
Yes, that did it: Adding the URL to the config file was the key.
Thanks! |
|
67025
|
Mon Mar 7 16:19:35 2011 |
 | Stefan Ritt | stefan.ritt@psi.ch | Question | Windows | | Re: password problem |
| Ken wrote: |
|
I moved my elog install to a new box on short notice due to an emergency, everything works but none of the passwords are recognized, and are not using what it set in elogd.cfg. any ideas ?
|
You did not specify which version of elog you were using. There was recently an update which uses a new format in the password file. When you start this the first time, the program should convert automatically from the old format to the new format and thus increasing security. If this does not work for some reason, so can do password recovery using the "Forgot password?" link in the login page. |
|
1404
|
Mon Sep 5 20:05:43 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Windows | V2.5.9-4 | Re: password forgot kills elogd |
| Martin Lindjärv wrote: |
But i found a bug or something like that. I installed elog on win2003 and winxp with default settings. And everywhere i had same problem - when forgot password is used it kills elogd. Error what is reported in EventLog is "Faulting application elogd.exe, version 0.0.0.0, faulting module elogd.exe, version 0.0.0.0, fault address 0x0002f1ee." and thats all. For testing tried newest beta too but it seems to have same problem.
i can insert my email address and when i click submit it wait's for some time and then gives 404.
But tried under linux (gentoo) and everything works like charm.
|
I tried with the current version under XP and found no problem. Can you try 2.6.0-beta4? |
|
112
|
Fri Aug 16 09:32:07 2002 |
| eric wooten | wootene@verizon.net | Question | | | Re: password file and self register | Ok I got the password file to finally work. Once I created a blank
passwd.txt I get the self register page to appear and create the account.
Next problem. Once I'm logged in, and I click logoout, I get an error
saying
the logout command now allowed ??? Same holds true for the config option
while logged in.
> I too am having problems getting the self register to work. Can you
> attach a sample password file?? When I click the New user, nothing
> happens. I do not get the screen that shows on this demo site. |
|
1159
|
Fri May 27 14:48:05 2005 |
 | Stefan Ritt | stefan.ritt@psi.ch | Request | | 2.5.8-6 | Re: password encryption |
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
Unfortunately there is no real way around that. If a password is entered into a text box, it is always transferred in plain text (which means that in security-sensive installations one should always use SSL together with elog). I encrypt it on the server side and do an immediate redirect which "hided" the plain password, but if your connection is slow, you might see it for a moment. Unless nobody has a clever idea of how to prevent this, we're out of luck. |
|
1160
|
Mon May 30 10:01:14 2005 |
 | Alex H | alex@synergie-inf.com | Request | | 2.5.8-6 | Re: password encryption |
| Stefan Ritt wrote: |
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
Unfortunately there is no real way around that. If a password is entered into a text box, it is always transferred in plain text (which means that in security-sensive installations one should always use SSL together with elog). I encrypt it on the server side and do an immediate redirect which "hided" the plain password, but if your connection is slow, you might see it for a moment. Unless nobody has a clever idea of how to prevent this, we're out of luck. |
Oki Thanks for the answer  .
Alex |
|
1161
|
Mon May 30 19:18:34 2005 |
| Gary Clayson | g_clayson@sbcglobal.net | Request | Windows | 2.5.8-6 | Re: password encryption | Hello Alex and Stefan,
I know of only one way to "hide" the text of the status bar in a web browser;
use JavaScript - specifically the status method (as in the following example):
<!-- the following goes in the body of the document, perhaps in a link. -->
<!-- sample link -->
<a href="javascript://place link url here"
onMouseOver="window.status='Status Bar Text Goes Here'; return true">Link Text Here</a>
<!-- place the following script in the head of the document -->
<script language="JavaScript" type="text/javascript"><!--
window.defaultStatus="Default Status Bar Text Here";
--></script>
Of course the above only works in those browsers that support javascripting,
but it is one way to hide the actual text of links from the user.
Hopefully this helps you!
Gary Clayson
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
|
|
1162
|
Mon May 30 19:56:01 2005 |
| Emiliano Gabrielli | AlberT@SuperAlberT.it | Request | Windows | 2.5.8-6 | Re: password encryption |
| Gary Clayson wrote: | Hello Alex and Stefan,
I know of only one way to "hide" the text of the status bar in a web browser;
use JavaScript - specifically the status method (as in the following example):
<!-- the following goes in the body of the document, perhaps in a link. -->
<!-- sample link -->
<a href="javascript://place link url here"
onMouseOver="window.status='Status Bar Text Goes Here'; return true">Link Text Here</a>
<!-- place the following script in the head of the document -->
<script language="JavaScript" type="text/javascript"><!--
window.defaultStatus="Default Status Bar Text Here";
--></script>
Of course the above only works in those browsers that support javascripting,
but it is one way to hide the actual text of links from the user.
Hopefully this helps you!
Gary Clayson
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
|
I don't have double checked .. but .. why we need to pass the sensible information in the Query String ??
Are you sure that putting it in an hidden field (and eventualli using a GET methon in the <form>-tag) can't be a solution? |
|