Recently central IT scanned our elog server and reported the following "vulnerabilities"

• 42873 (1) - SSL Medium Strength Cipher Suites Supported (SWEET32)
• 51192 (1) - SSL Certificate Cannot Be Trusted
• 65821 (1) - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
• 85582 (1) - Web Application Potentially Vulnerable to Clickjacking

Is there any easy way of preventing these

Thanks and Best Wishes

David

Hello,

When using restrict edit time together with autosave, there is the following problem: The counter for restrict edit time seems to start after the autosave. If the time is up, it is no longer possible to submit the report.
It is also not possble to edit old drafts if restrict edit has elapsed since the creation of the save.
Autosave is definitively a nice new feature. However, I think it would be better if the counter for restrict edit time only started after the "submit" of the report and allowed edits to drafts no matter how old they are. As it is one needs to either set a really high value for restrict edit time or turn off autosave.
The issue seems to be related to: https://midas.psi.ch/elogs/Forum/68103

Regards

Kester

Hello,
I have experienced some inconveniences with the restrict edit time option.

First, it is not possible for admin users to edit an entry after the edit time.
The restrict edit option allows admin users to edit posts from other users,
so I think admins should also be allowed to edit posts after edit time.
As they can edit the config and temporarily disable the restrict edit time option, which is an issue.

Secondly, if a user made a draft and did not submitted it before the edit time runs out,
the draft got stuck as it cannot be edited (and submitted) any more.

Best wishes,
Sebastian

Dear all,

I am trying to get elog used in our company but I need some help.
I have two small questions:

-1- how can I restrict the access 
of a certain user such that he can only see certain logbooks. 
But also not showing the other logbooks on the selection page.
So we could have a tree like this:

Stage one
|
|->Stage 2
       |
       |
      / \
     |   |
    Co1 Co2
    /     \
  job     job

So when Co1 logs in the should not be able to see Co2 and the attached job

-2- How can I have a login page instead of the logbook selection page.
When I insert the password statement the config, I get a blank page.

Is it possiblet to restrict a field so that when a new record is added, whatever the user types is automatically converted to lower case?

Thanks!

For heightened security, we allow access to our ELOG installation from offsite through an apache proxy.  Therefore, the URL for our ELOG becomes http://www.lepp.cornell.edu/proxy/elog/ .  Everything seems to work properly with this setup except for the "reset password" utility.  When trying to reset ones password, the link sent in the "Password recovery" email becomes, for example:

http://www.lepp.cornell.edu/proxy/elog/ERL+W128/?redir=%3Fcmd%3DChange+password...

When using this link, the redirect redirects you to:

http://www.lepp.cornell.edu/ERL+W128/?cmd=Change%20password...

Which does not work.  Instead, the redirect should point to:

http://www.lepp.cornell.edu/proxy/elog/ERL+W128/?cmd=Change%20password...

After submitting a new post, if the page is left completely alone,, it will after a few minutes prompt that the page needs to resend information.

This is the same prompt you'd get if you attempt to refresh a page that had session variables passsed to it. Example is attached.

Is there something in my config that could cause this?   This is a fresh install of the latest verison however my elogd.cfg file has been migrated throuh many installs over many versions, so it's very possible this is something following along.

thanks.