| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
1127
|
Mon May 2 16:01:13 2005 |
 | Stefan Ritt | stefan.ritt@psi.ch | Request | All | | Re: per entry "expand" in threaded view | > LOL ..this way I can't see the list of other threads .. so il my goal is to inspect the thread
> looking for something I have to:
> - open the 3d
> - return to 3d list
> - open another 3d ..
> [loop]
>
> my wish would be to reduce it to
> - open the 3d
> - open another 3d ..
> [loop]
Well, I have the browser's back button on one of my mouse buttons, so "- return to 3d list" is one
mouse click. My policy is: If I can save someone two or more mouse clicks for am operation, I will
implement it. If it's less, it's not worth investing some hours of programming just to save 0.5s
each tim (;-).
Ok ok, I'll put it on the wish list. Just in case I'm running out of work. :-) |
|
1154
|
Fri May 20 14:40:12 2005 |
 | Alex H | alex@synergie-inf.com | Request | | 2.5.8-6 | password encryption | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
|
1159
|
Fri May 27 14:48:05 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Request | | 2.5.8-6 | Re: password encryption |
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
Unfortunately there is no real way around that. If a password is entered into a text box, it is always transferred in plain text (which means that in security-sensive installations one should always use SSL together with elog). I encrypt it on the server side and do an immediate redirect which "hided" the plain password, but if your connection is slow, you might see it for a moment. Unless nobody has a clever idea of how to prevent this, we're out of luck. |
|
1160
|
Mon May 30 10:01:14 2005 |
| Alex H | alex@synergie-inf.com | Request | | 2.5.8-6 | Re: password encryption |
| Stefan Ritt wrote: |
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
Unfortunately there is no real way around that. If a password is entered into a text box, it is always transferred in plain text (which means that in security-sensive installations one should always use SSL together with elog). I encrypt it on the server side and do an immediate redirect which "hided" the plain password, but if your connection is slow, you might see it for a moment. Unless nobody has a clever idea of how to prevent this, we're out of luck. |
Oki Thanks for the answer  .
Alex |
|
1161
|
Mon May 30 19:18:34 2005 |
 | Gary Clayson | g_clayson@sbcglobal.net | Request | Windows | 2.5.8-6 | Re: password encryption | Hello Alex and Stefan,
I know of only one way to "hide" the text of the status bar in a web browser;
use JavaScript - specifically the status method (as in the following example):
<!-- the following goes in the body of the document, perhaps in a link. -->
<!-- sample link -->
<a href="javascript://place link url here"
onMouseOver="window.status='Status Bar Text Goes Here'; return true">Link Text Here</a>
<!-- place the following script in the head of the document -->
<script language="JavaScript" type="text/javascript"><!--
window.defaultStatus="Default Status Bar Text Here";
--></script>
Of course the above only works in those browsers that support javascripting,
but it is one way to hide the actual text of links from the user.
Hopefully this helps you!
Gary Clayson
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
|
|
1162
|
Mon May 30 19:56:01 2005 |
| Emiliano Gabrielli | AlberT@SuperAlberT.it | Request | Windows | 2.5.8-6 | Re: password encryption |
| Gary Clayson wrote: | Hello Alex and Stefan,
I know of only one way to "hide" the text of the status bar in a web browser;
use JavaScript - specifically the status method (as in the following example):
<!-- the following goes in the body of the document, perhaps in a link. -->
<!-- sample link -->
<a href="javascript://place link url here"
onMouseOver="window.status='Status Bar Text Goes Here'; return true">Link Text Here</a>
<!-- place the following script in the head of the document -->
<script language="JavaScript" type="text/javascript"><!--
window.defaultStatus="Default Status Bar Text Here";
--></script>
Of course the above only works in those browsers that support javascripting,
but it is one way to hide the actual text of links from the user.
Hopefully this helps you!
Gary Clayson
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
|
I don't have double checked .. but .. why we need to pass the sensible information in the Query String ??
Are you sure that putting it in an hidden field (and eventualli using a GET methon in the <form>-tag) can't be a solution? |
|
1163
|
Mon May 30 20:16:11 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Request | Windows | 2.5.8-6 | Re: password encryption |
| Emiliano Gabrielli wrote: |
I don't have double checked .. but .. why we need to pass the sensible information in the Query String ??
Are you sure that putting it in an hidden field (and eventualli using a GET methon in the <form>-tag) can't be a solution? |
Hidden means only these fields are not shown in the form, but they are added to the URL in the same way as non-hidden fields. But I got another idea: I will try to use a POST form instead of the GET form. Using the POST method, fields are attached to the request and not present in the URL. Hope this will work. When I find some time to work on it I will let you know. |
|
1164
|
Tue May 31 09:07:37 2005 |
 | Alex H | alex@synergie-inf.com | Request | Windows | 2.5.8-6 | Re: password encryption | | Thanks Stefan 8) |
|