Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 235 of 236  Not logged in ELOG logo
icon3.gif   Improved display speed, posted by Stefan Ritt on Tue Jul 23 15:59:55 2002 
Version 2.0.5 of elog has been released today. Among various bugfixes, the 
display speed for threaded lists has been improved significantly. Display 
all messages of this forum and press the reload button to see the 
difference.
icon5.gif   change the Email From address used when sending notifications, posted by WootenE on Tue Jul 16 15:19:08 2002 
Is there a way to change the From address used when sending notifications 
from ELOG?   I was hoping there might be another attribute that would go 
along with the smtp host section.

Thanks,
Eric
    icon2.gif   Re: change the Email From address used when sending notifications, posted by Stefan Ritt on Tue Jul 23 09:16:01 2002 
> Is there a way to change the From address used when sending notifications 
> from ELOG?   I was hoping there might be another attribute that would go 
> along with the smtp host section.
> 
> Thanks,
> Eric

Yes there is an option

Use Email from = xxxx

see documentation.
icon4.gif   Port specification with -p fails under RedHat Linux (2.0.4-1), posted by Joeri Mastop on Mon Jul 15 14:09:30 2002 
Hello,

I noticed a strange behaviour with Elog 2.0.4 (i386 RPM) in Linux (RH 7.2). 
I started Elog out-of-the-box with portnumber 888 ('sbin/elogd -p 888').

It runs just fine, but appears to listen to port 8080, the default! It 
looks like the -p option on the command-line is ignored.

Anyone seen similar problems? 

Joeri
    icon3.gif   Re: Port specification with -p fails (SOLVED, more or less), posted by Joeri Mastop on Mon Jul 15 15:05:22 2002 
> Anyone seen similar problems? 
Probably not if you read the config file, 'cause I didn't. Shame on me...

But what this shows (Stefan: correct me if I'm wrong) is that if you set 
the port number in the [global] section of the config file, the command-line
option '-p' is ignored. FYI...

Joeri
       icon2.gif   Re: Port specification with -p fails (SOLVED, more or less), posted by Stefan Ritt on Tue Jul 23 09:12:14 2002 
> > Anyone seen similar problems? 
> Probably not if you read the config file, 'cause I didn't. Shame on me...
> 
> But what this shows (Stefan: correct me if I'm wrong) is that if you set 
> the port number in the [global] section of the config file, the command-line
> option '-p' is ignored. FYI...
> 
> Joeri

I changed that behaviour, so from 2.0.5 on the command line port setting has 
precedence over the configuration file (as it should be).
icon4.gif   Reverse sort, threaded display fails when there is only 1 entry in logbook, posted by Ravi Pappu on Sun Jul 14 15:15:19 2002 

This is not a serious bug...but when the global settings are as follows

[global]
Display mode = threaded
Reverse sort = 1

all logbooks with only a single entry produce the wrong URL on 
clicking "last 10"

The URL produced is http://localhost:8080/LogbookName/0
instead of http://localhost:8080/LogbookName/1

Ravi
    icon2.gif   Re: Reverse sort, threaded display fails when there is only 1 entry in logbook, posted by Stefan Ritt on Wed Jul 17 14:53:18 2002 
> 
> 
> This is not a serious bug...but when the global settings are as follows
> 
> [global]
> Display mode = threaded
> Reverse sort = 1
> 
> all logbooks with only a single entry produce the wrong URL on 
> clicking "last 10"
> 
> The URL produced is http://localhost:8080/LogbookName/0
> instead of http://localhost:8080/LogbookName/1
> 
> Ravi

This question has been answered in elog:55 .
icon4.gif   last x link TEXT, posted by H. Scheit on Fri Jul 12 10:18:21 2002 
The last x link TEXT now shows up like this

   'Last 20 entries?mode=threaded'

I can not reproduce this with the elogdemo logbook, however.
    icon2.gif   Re: last x link TEXT, posted by Stefan Ritt on Fri Jul 12 10:26:40 2002 
> The last x link TEXT now shows up like this
> 
>    'Last 20 entries?mode=threaded'
> 
> I can not reproduce this with the elogdemo logbook, however.

...because it has been fixed in meantime (revision 2.41). I have not made a 
new release since I want to fix the elog password submission first. In 
meantime, you can get the actual version from 

http://midas.psi.ch/cgi-bin/cvsweb/elog/elogd.c
icon4.gif   entry number not updated properly after deleting, posted by mo on Thu Jul 11 15:59:17 2002 
Hello,
    If you delete a message from the middle of a logbook that contains a 
bunch of messages, the message numbers do not get updated properly.  For 
instance, if you have 20 messages in the logbook, and delete number 15, 
entry numbers 16 through 20 all do not get subtracted by one; their numbers 
stay the same with #15 just missing in the middle.  

Mo
    icon3.gif   Re: entry number not updated properly after deleting, posted by Stefan Ritt on Thu Jul 11 16:03:56 2002 
> Hello,
>     If you delete a message from the middle of a logbook that contains a 
> bunch of messages, the message numbers do not get updated properly.  For 
> instance, if you have 20 messages in the logbook, and delete number 15, 
> entry numbers 16 through 20 all do not get subtracted by one; their numbers 
> stay the same with #15 just missing in the middle.  
> 
> Mo

That's how it's supposed to be. Once a unique message ID is attached to a 
message, it stays there forever. Think of links to message like

http://midas.psi.ch/elogdemo/Forum/68

If you have such a link in a message or as a bookmark in your browser, and 
the ID gets changed from 68 to 67, then your link would be off.
icon4.gif   elog submit without user and password, posted by H. Scheit on Mon Jul 8 19:42:13 2002 
With elog it is possible to submit messages to a password protected
logbook without specifying the -u option.  I.e. NO PASSWORD is
necessary to submit a message.  I assume it is related to the problem
of expiring password-cookies while entering the message using a web
browser.
    icon2.gif   Re: elog submit without user and password, posted by Stefan Ritt on Tue Jul 9 10:58:18 2002 
> With elog it is possible to submit messages to a password protected
> logbook without specifying the -u option.  I.e. NO PASSWORD is
> necessary to submit a message.  I assume it is related to the problem
> of expiring password-cookies while entering the message using a web
> browser.

Indeed this problem is related to the expiring password cookies. As a 
reminder: For the submission of a new entry, the password is checked when one 
presses the "New" button, but NOT for the "submit". This is because a 
password can expire between the "New" and the "Submit", so a entered message 
could not be sent. The question is now what to do with the standalone "elog".

Right now, elog does a normal submission where the password is not checked, 
which is maybe not what one wants. But what to do? If elog sends a special 
flag "please do check password on submit", someone could analyze the source 
code, remove the flag from elog and then still submit messages without a 
password. If I put an additional flag to the web browser submission "please 
do not check the password since the cookie might have been expired", someone 
can add this flag into elog and still bypass the password checking.

Anothe thing which bothers me is if you specify the password explicitly on 
the command line of elog, it's visible in some scripts etc, which yould be a 
security issue as well.

Any ideas?
       icon2.gif   Re: elog submit without user and password, posted by H. Scheit on Tue Jul 9 15:28:33 2002 
> > With elog it is possible to submit messages to a password protected
> > logbook without specifying the -u option.  I.e. NO PASSWORD is
> > necessary to submit a message.  I assume it is related to the problem
> > of expiring password-cookies while entering the message using a web
> > browser.
> 
> Indeed this problem is related to the expiring password cookies. As a 
> reminder: For the submission of a new entry, the password is checked when
one 
> presses the "New" button, but NOT for the "submit". This is because a 
> password can expire between the "New" and the "Submit", so a entered message 
> could not be sent. The question is now what to do with the standalone
"elog".
> 
> Right now, elog does a normal submission where the password is not checked, 
> which is maybe not what one wants. But what to do? If elog sends a special 
> flag "please do check password on submit", someone could analyze the source 
> code, remove the flag from elog and then still submit messages without a 
> password. If I put an additional flag to the web browser submission "please 
> do not check the password since the cookie might have been expired", someone 
> can add this flag into elog and still bypass the password checking.

I guess it cannot and doesn't have to be 100% save.  Maybe if the web
interface is used for a new message a long random number (let's call
it newID) can be included, which elog remembers for some time (say 1
day).  Now elogd accepts a new message only if 

  1) the cookies is there and valid or
  2) if the cookies are NOT THERE, but the newID matches one of the
       stored ones.     

The new message is rejected if the cookies are there, but are wrong.

> Anothe thing which bothers me is if you specify the password explicitly on 
> the command line of elog, it's visible in some scripts etc, which yould be a 
> security issue as well.

Maybe the encoded password should be specified.  I use wget to
retrieve some entries automatically over a cron job and with wget
you specify a cookie-file with --cookie-file (or something like
this).  The content of this file corresponds to the content of the
netscape cookie file.

> 
> Any ideas?

Can one delete or edit messages with elog?  If yes then this should not be
possible.
          icon2.gif   Re: elog submit without user and password, posted by Stefan Ritt on Wed Jul 10 08:53:21 2002 
> I guess it cannot and doesn't have to be 100% save.  Maybe if the web
> interface is used for a new message a long random number (let's call
> it newID) can be included, which elog remembers for some time (say 1
> day).  Now elogd accepts a new message only if 
> 
>   1) the cookies is there and valid or
>   2) if the cookies are NOT THERE, but the newID matches one of the
>        stored ones.     
> 
> The new message is rejected if the cookies are there, but are wrong.

Ok that sounds a good idea to me, I will work on that.

> Can one delete or edit messages with elog?  If yes then this should not be
> possible.

No this is not possible.
icon5.gif   problem saving elogd.cfg, posted by Mo on Mon Jul 8 17:18:05 2002 
In version 2.0.4 of eLog I was having some problems with saving my 
configuration file once I edited it on the web using the config. command.
I keep getting the message "Cannot open file %s: elogd.cfg".  I made sure 
the file was in the right directory.  I dont know if I am doing something 
wrong or if its a bug?

Mo.
    icon2.gif   Re: problem saving elogd.cfg, posted by Stefan Ritt on Tue Jul 9 09:25:41 2002 
> In version 2.0.4 of eLog I was having some problems with saving my 
> configuration file once I edited it on the web using the config. command.
> I keep getting the message "Cannot open file %s: elogd.cfg".  I made sure 
> the file was in the right directory.  I dont know if I am doing something 
> wrong or if its a bug?

The error display is certainly wrong. I fixed that and you can download the 
updated version at 

http://midas.psi.ch/cgi-bin/cvsweb/elog/elogd.c

As for the error, you should check the file permissions. If you run the 
daemon under a user which has no write access to the directory or file, you 
would get the described error.
ELOG V3.1.5-3fb85fa6