Hello,

   Thank you for such a great piece of software!

   When displaying the entries in a log book with Summary view, ELCode is not processed in 'Text'. I know there
is an option called 'Allow HTML", but is there something similar for decoding ELCode in the Summary 'Text' field?

Thank you again,
   - Dan

God really STRANGE and problematic effect on 2.5.5-1 (can't remember it this
was with 2.5.5 or 2.5.4-X but i'm nearly sure it worked well):

Entering a date (Formate Bithday = date) may crash down the server:
Value is 22.2.2004: Everything is well
Value is 22.2.1962: Server crashes emmediatly (menas restarzing several
times, always the same problem)

I do not have time to check true all the years for finding out where the
problem may beginn, sorry. Also I was not able to check on other systems
right now. My system: Win XP Pro SP 1, IE 6 as well as Mozilla Calssic 1.7.3. 

Didn't check it under Linux right know in case of a lot work.

Clould you this fix please Stefan???  THANK'X!!!

Hi,

I have an ELOG installation on a RedHat linux server, called myserver. I 
can connect to this server with the following entries in the elogd.cfg file:
   [global]
   URL=http://myserver:8080
This works fine. I can log in, select logbooks, edit/create entries etc. 
etc.

However, I want this connection to be encrypted. So I activate stunnel (v4) 
in such a way that stunnel listens to port 8081 and forwards to the 
("remote") port 8080, which is the "original" elog port. I change the URL= 
entry in de elogd.cfg file to URL=https://myserver:8081 in order to use the 
SSL encrypted connection.

At this time, when I connect to https://myserver:8081 I get the 
welcome/login screen, but when I enter the (correct) username and password, 
the elog program does not show the contents of the logbook buts shows the 
loginscreen again. If I enter a wrong username/password, I do get a correct 
error-screen. So it seems that the connection is correct, but there is some 
sort of problem in ELOG. Anyone who can give me a hand here?

Contribution available for all who wants to make SKIN for ELOG!

You are invited to benefit from this free info!

Just click on the "Contributions" tab to find the info (look for ID6).

Or... goto          http://midas.psi.ch/elogdemo/Contributions/6

To obtain the newest source code of ELOG, go to the CVS repository at

http://midas.psi.ch/cgi-bin/cvsweb/elog/src

It contains usually the newest bug fixes, which will show up in the next 
realease. On the other hand it can also contain some new features, which 
are not yet fully tested, so care should be taken when using it. The 
revision comments usually explain what is new in that revision.

Dear ELOG users,

It has been brought to my attention that ELOG has a vulnerability through
which one can obtain a remote shell (meaning to log in to your machine
through elog). There is even an exploit available which demonstrates that
both for linux and windows.

This is a severe security problem for all logooks which can be seen from
outside, even if they have password protection on. I strongly recommened to
upgrade to elog version 2.5.7 as soon as possible if you run a public elog
server.

Here is some explanation for the technically interested:

The problem arises from a strcpy() in the decode_post() routine, which
triggers a buffer overflow when attachment file names longer than 256
characters are submitted. I replaced (hopefully) all strcpy() with strlcpy()
to fix this problem, but if someone sees a location which I have missed,
please tell me.

The second vulnerability had to do with write passwords. If you put a "write
password = xxx" statement into your config file, it was still possible to
download the config file with a special hand-written URL, and decode the
write password, which is usually only base-64 encoded unless you haven't
compiled elog with the -DHAVE_CRYPT flag. I have changed that so if a write
password is present, the download is only possible when this password is
submitted in each request. If this has some effects on synchronizing of
logbooks, please let me know.

Stefan Ritt

Hi, All.  We have been successfully using ELOG in a limited deployment for a couple years now.  However, we are about to embark on a new project that could run for up to 10 years, and are wondering what sort of scalability we can expect from ELOG.

Are there any problems we can expect to run into as the number of entries grow?  I see in a previous thread that "elog runs fine for a few 10000 entries. At 100000 entries it starts getting slow."  Is this still the case, or have any improvements been made?  What sort of problems would we expect to run into?  Any examples of existing large deployments would be very useful.

Many thanks,

Devin