Discussion forum about ELOG, Page 601 of 808
    Re: results of security scan, posted by David Stops on Thu Nov 4 13:48:00 2021

Thanks, I'll try that and see what happens

 

David

Stefan Ritt wrote:

The elogd.c program itself is rather weak in SSL, since I just don't have time to catch up with the latest SSL enhancements. The safest you can do is to put an industry-strength web server like Apache in front of elogd and let that server handle the SSL layer.

Stefan

David Stops wrote:

Recently central IT scanned our elog server and reported the following "vulnerabilities"

  • 42873 (1) - SSL Medium Strength Cipher Suites Supported (SWEET32)
  • 51192 (1) - SSL Certificate Cannot Be Trusted
  • 65821 (1) - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
  • 85582 (1) - Web Application Potentially Vulnerable to Clickjacking

Is there any easy way of preventing these?

Thanks and Best Wishes

David
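
A sketch of the front-end arrangement Stefan Ritt suggests in the post above, mapped to the four scanner findings. It is an added example, not configuration from the forum or the ELOG project. The hostname, certificate paths, and the backend address (elogd assumed to listen without SSL on 127.0.0.1:8080) are placeholders.

```apache
# Added example: Apache 2.4 terminating TLS in front of elogd.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
# Hostname, file paths and backend port are placeholders (assumptions).

<VirtualHost *:443>
    ServerName elog.example.org

    # 51192 "SSL Certificate Cannot Be Trusted": serve a certificate issued
    # by a CA the scanner and browsers trust, with the intermediate chain
    # included in the same file (supported since Apache 2.4.8).
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/elog.example.org-fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/elog.example.org.key

    # 42873 (SWEET32) and 65821 (RC4, "Bar Mitzvah"): drop the old protocol
    # versions and explicitly exclude 3DES (64-bit block cipher) and RC4.
    SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite      HIGH:!aNULL:!eNULL:!3DES:!RC4:!MD5
    SSLHonorCipherOrder on

    # 85582 (clickjacking): do not allow other origins to frame the pages.
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Content-Security-Policy "frame-ancestors 'self'"

    # Hand requests to elogd over plain HTTP on the loopback interface.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Run `apachectl configtest` before reloading, then have the scan repeated against port 443 to confirm the findings are gone.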

 

 

redirect errors via apache2, posted by djek on Mon Jan 23 10:30:51 2006
Since elog 2.6.0 we cannot redirect our elog via apache2.

in apache2.conf we have (had for a long time):
Redirect permanent /elog http://elog.oursite.com/elog/
ProxyPass /elog/ http://elog.oursite.com:8080/

When visiting the url, this results in:
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /elog/myelog/.

After testing we found that ELOG V2.6.0-beta2 works just fine.
2.6.0 stable crashes after visiting a redirected url.

Running on debian sarge
    Re: redirect errors via apache2, posted by djek on Mon Jan 23 11:18:48 2006
> > Since elog 2.6.0 we cannot redirect our elog via apache2.
> > 
> > in apache2.conf we have (had for a long time):
> > Redirect permanent /elog http://elog.oursite.com/elog/
> > ProxyPass /elog/ http://elog.oursite.com:8080/
> > 
> > When visiting the url, this results in:
> > The proxy server received an invalid response from an upstream server.
> > The proxy server could not handle the request GET /elog/myelog/.
> > 
> > After testing we found that ELOG V2.6.0-beta2 works just fine.
> > 2.6.0 stable crashes after visiting a redirected url.
> > 
> > Running on debian sarge
> 
> Have you tried 2.6.1? I released it just recently, so I don't know when it will be available for Debian.

No it doesn't work with 2.6.1. I hoped it would be fixed, but I should have reported it sooner.
I compiled 2.6.1 myself.
The original version was a debian package, after that, we compile elog ourselves and copy elogd manually over the old
version. Just to stay up-to-date.

> Have you checked that your "URL = xxx" statement in the config file is correct? I see above "myelog", while the proxy passes requests to "elog".

I changed our urls, just to be safe.
myelog is a 'sublogbook', like forum here. http://elog.oursite.com/elog/myelog

We are running V2.6.0-beta2 and it runs fine, without any alterations to our config files.
All previous versions ran fine too.

update:
After further testing on a different server, it seems to be an issue with the proxy and the proxy_http modules in sarge.
after loading and unloading  proxy_http this is the error:
The proxy server received an invalid response from an upstream server.
    Re: Elog 2.3.3, problems of 2.3.2 solved, posted by djek on Thu Mar 20 21:07:09 2003
> > After upgrading from 2.3.1 to 2.3.3, elog is not able to load any resources
> > as stylesheets, images or passwordfiles.
> > 
> > Cannot open file /usr/local/elogdata/logbooks/djeks/password!
> 
> If you installed from the RPM, elogd runs under the user "elog". If you have 
> installed a previous version under a different user, it might be that elogd 
> does not have read or write access to it. A 
> 
> "chown -R elog.elog /usr/local/elogdata"
> 
> might help.
>
 
It did, a lot, guess I missed that one in the changelog.

Had some trouble with subdir too:
changed it to its full path
restarted elogd
worked

As a test I changed subdir to its relative path
restarted
It kept working

mmmm, I wonder where that twilight tune comes from ...
Elog 2.3.3, problems of 2.3.2 only partly solved, posted by djek on Thu Mar 20 21:07:09 2003
After upgrading from 2.3.1 to 2.3.3, elog is not able to load any resources
as stylesheets, images or passwordfiles.

Cannot open file /usr/local/elogdata/logbooks/djeks/password!

oops?
images in elog in safari, posted by David Jaffe on Thu Mar 26 02:33:59 2009

I cannot view images in elog, either as attachments or as icons,

safari 3.2.1 mac os x 10.5.6

 

Thank you

David

Show dropdown menus as a function of selecting an option in another dropdown menu, posted by Diogo Alves on Thu Nov 5 10:17:19 2009
Hello,
I'm having some difficulties in having a tasks manager up and running.
The total attributes list is:
 
- Attributes = List, Project, SubProject, SubSubProject, Title, Priority, Context, Status, Due Date, Start Date, Alarm, Repeat
 
I would like to have the interface display the following attribute when I click "New":
 
- List (Options = Personal, Work)
 
After choosing a List "Personal" I would like to have the following attributes available for edit:
 
- List (Options = Personal, Work)
- Project (Options = Dummy1)
- Title
- Priority (Options = ...)
- Context (Options = ...)
- Status (Options = ...)
- Due Date (datetime)
- Start Date (datetime)
- Alarm (datetime)
- Repeat (Options = ...)
 
After choosing the Project "Dummy1" I would like to have the following attributes available for edit:
 
- List (Options = Personal, Work)
- Project (Options = Dummy1)
- SubProject (Options = Dummy2)
- Title
- Priority (Options = ...)
- Context (Options = ...)
- Status (Options = ...)
- Due Date (datetime)
- Start Date (datetime)
- Alarm (datetime)
- Repeat (Options = ...)
 
where Dummy2 is an option of the SubProject attribute only because Dummy1 was the chosen option of attribute Project.
 
What happens is that when I choose Dummy1 from the Project attribute, the SubProject attribute is not displayed in order to be editable.
 
Is there a way around this?
 
Thank you.
Kind Regards,
Diogo
 
Here's the configuration file relative to the "Tasks" logbook:
================================================
Password file = passwords.pwd
Self register = 0
Admin user = someuser
Login user = someuser
Allow password change = 1
Theme = default
Comment = Task Manager

Attributes = List, Project, SubProject, Title, Priority, Context, Status, Due Date, Start Date, Alarm, Repeat
List display = ID, Date, Author, List, Title, Priority
Show Attributes Edit = List

Options List = Personal{1}, Work{2}
Options Priority = High, Medium, Low, None
Options Context = @ Home, @ Work - IST
Options Status = Not Started, Start Delayed, Started, Started - On Hold, 1/4 Done, 1/4 Done - On Hold, 1/2 Done, 1/2 Done - On Hold, 3/4 Done, 3/4 Done - On Hold, Done
Options Repeat = Hourly, Daily, Weekdays, Weekend days, Weekly, Monthly, Yearly

{1} Show Attributes Edit = List, Project, Title, Priority, Context, Status, Due Date, Start Date, Alarm, Repeat
{1} Options Project = Dummy1{11}
{11} Show Attributes Edit = List, Project, SubProject, Title, Priority, Context, Status, Due Date, Start Date, Alarm, Repeat
{11} Options SubProject = DummyChild1

Extendable options = List, Project, SubProject, SubSubProject
Type Due Date = datetime
Type Start Date = datetime
Type Alarm = datetime
Required Attributes = List, Title
Reverse sort = 1
Default encoding = 0 ; ELcode
Thumbnail size = 500
 
    Re: Problems with SSL and Synchronization, posted by Diogo Alves on Mon Nov 9 09:32:19 2009

Stefan Ritt wrote:

 

Mark Langkau wrote:

I installed ELOG on a Linux server (CentOS 5.2) and a WinXP laptop.

- If I set both servers to non-SSL, I can synchronize with no problems.

- If I set both servers to use SSL, synchronization fails with "Error code: ssl_error_rx_record_too_long" 

- If I set one to ssl and the other non-ssl, synchronization fails with "Remote server is not an ELOG server"

Is anyone synchronizing or mirroring two ELOG servers with SSL? When either or both servers are set to use SSL, I can use either site. but I can't synchronize.

 

Synchronization with SSL does not yet work. I have to find some time to implement it. Since you are already the second one mentioning this, it slipped higher on my to-do list  

 Count me also in for the to-do list climbing :-D
