Re: password encryption, posted by Alex H on Mon May 30 10:01:14 2005
|
| Stefan Ritt wrote: |
| Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
Unfortunately there is no real way around that. If a password is entered into a text box, it is always transferred in plain text (which means that in security-sensive installations one should always use SSL together with elog). I encrypt it on the server side and do an immediate redirect which "hided" the plain password, but if your connection is slow, you might see it for a moment. Unless nobody has a clever idea of how to prevent this, we're out of luck. |
Oki Thanks for the answer  .
Alex |
|
Re: elog & firefox pipelining, posted by Emiliano Gabrielli on Tue Jun 7 13:12:25 2005
|
| Stefan Ritt wrote: |
| Emiliano Gabrielli wrote: | Having the Firefox pipelining feature enabled makes elog unable to correctly show avery attachment in the full view when a quite large number of them is present..
disabling pipelining makes all works fine again |
As is said:
Pipelining is an experimental feature, designed to improve page-load performance, that is unfortunately not well supported by some web servers and proxies.
So what do you expect 
I have not checked in detail, but it seems that the browser fires off several requests in parallel, one for each image. This can only be handled by a multi-threaded server, which elog is not (yet). What is more an issue for elog in relation to multi-threading is that one long request blocks all other users. So if I do a synchronize for example from home, the server can be nonresponsive for a minute or two. I have some plans for making it multi-threaded, but as you can imagine this is not so simple to do in a portable way. |
You are right .. I'll wait the m-t support then ghghgh |
|
Some spell mistakes, posted by Exaos Lee on Sun Oct 9 20:49:41 2005
|
I find some new strings from the warnings like this:
| Quote: | | Language error: string "HelpELCode" not found for language "chinese" |
I have added these new string to the languages files in Chinese. I think:
"Enter name of hypelink" should be "Enter name of hyperlink". |
|
Re: Date format in Threaded display, posted by Ibrahim Genc on Tue Oct 17 13:03:22 2006
|
| deletoille wrote: | hello,
Time format = %d/%m/%Y, %T
Thanks in advance |
I think "date format" and "time format" are different tags.
you may try to use date format here. |
|
lost elogd.cfg, posted by ribo on Fri Dec 19 14:59:29 2008
|
Hi
I’m running SLES Linux Box with Elog 2.7.4, until yesterday everything was running perfectly. Now elog is not running anymore, because the elogd.cfg where i made changes for my use is lost.....(arghhhhh......) The logbooks ar still under /usr/local/elog/logbooks aviable.
Now i would like to upgrade to the latest version of elog. How to i made my logbooks available ?
thanks for your feedback.
ribo |
|
Authentication error message, posted by soren poulsen on Tue Mar 15 17:37:19 2011
|
It is very good to have Kerberos authentication available. It is just the error message which is a bit cryptic.
If you enter your Kerberos password once, and later fail to authenticate with a wrong password, you get:
Kerberos error:
Decrypt integrity check failed.
Please check your Kerberos configuration
That is not really urgent!
Soren
|
|
Re: Vulnerability?, posted by Andreas Luedeke on Fri Apr 22 12:55:21 2022
|
> it would be good if the current state was listed in https://elog.psi.ch/elogs/Vulnerabilities/
> It seems there's now updated builds for at least windows, and the debian package still outdated?
>
> Personally, I don't think removing download links and pulling packages should be more than a temporary measure.
> Treating people fairly IMHO means they should be able to reach a safe version by the same means that brought and left them exposed.
>
> A clear central source would be best, one that has
>
> - package autobuilds
> - source
> - cve list
>
> If I understand correctly, currently only the source is up to date?
>
>
> (I found py_elog on Github, so it could be an easy option to mirror ELOG there and let some free service handle the autobuilds.
> I don't know how well one can flag vulnerabilities there, but likely it's possible, and ideally more people would help there.)
>
>
> p.s.: My hat is off to the sysadmin who checked carefully, I wanted to introduce ELOG in a windows-centric place and I can't swear I would have checked this (official) download as well.
Very good ideas! Go ahead and implement them! We very much appreciate your contribution. |
confused name in the attributes section, posted by Etienne Van Caillie on Tue Jan 21 10:04:46 2003 
|
do not use confused name in attributes
**************************************
like
Attributes Type, Type2
the info on Type2 will be placed in the Type also
see attachment 1
Never use confused name like '
Attributes PC_Memory, Memory
If Stephan need more info I can send a exemple of the logbooks
Etienne |