ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
1154
|
Fri May 20 14:40:12 2005 |
| Alex H | alex@synergie-inf.com | Request | | 2.5.8-6 | password encryption | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
Attachment 1: password.gif
|
|
1158
|
Tue May 24 20:32:08 2005 |
| Andy | nekto@myway.com | | | | Problem with auto-increment attribute | I have a very strange problem with auto-increment attribute. Here is a part of my configuration:
Attributes = Access ID, Harvest Date, Access, Species, PI, Submission date, Stain, Comments
Preset Access ID = MI-05-%03d
Type Harvest date = date
Type Submission date = date
I tried to add new entry, and it's Access ID is MI-05-001. But when I'm adding another entries,
there Access ID is MI-05-006
I found only one mention of using increment in documentation.
What I'm doing wrong? |
1159
|
Fri May 27 14:48:05 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Request | | 2.5.8-6 | Re: password encryption |
Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
Unfortunately there is no real way around that. If a password is entered into a text box, it is always transferred in plain text (which means that in security-sensive installations one should always use SSL together with elog). I encrypt it on the server side and do an immediate redirect which "hided" the plain password, but if your connection is slow, you might see it for a moment. Unless nobody has a clever idea of how to prevent this, we're out of luck. |
1160
|
Mon May 30 10:01:14 2005 |
| Alex H | alex@synergie-inf.com | Request | | 2.5.8-6 | Re: password encryption |
Stefan Ritt wrote: |
Alex H wrote: | Hi Stefan,
I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
Unfortunately there is no real way around that. If a password is entered into a text box, it is always transferred in plain text (which means that in security-sensive installations one should always use SSL together with elog). I encrypt it on the server side and do an immediate redirect which "hided" the plain password, but if your connection is slow, you might see it for a moment. Unless nobody has a clever idea of how to prevent this, we're out of luck. |
Oki Thanks for the answer .
Alex |
1176
|
Sat Jun 4 14:00:17 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Request | | 2.5.8-6 | Re: password encryption |
Alex H wrote: | I have found a little problem with elog. I'am using ELOG V2.5.8-6. When I'am on the logon page,
I type my Login and password and hit "submit", in the bottom of IE, we can show my password without encryption, it can be dangerous. I have made a screenshot to explain my problem better.
Could you fix it for the next release ?
Thanks a lot.
Alex |
I switched the login page to the HTTP "POST" method, where arguments are not passed in the URL.
The new version is under CVS. Can you try if the behaviour is better now? I upgraded also the ELOG forum, so you can try there as well. |
1307
|
Mon Jul 25 10:14:27 2005 |
| Dinesh Bapat | dinesh.bapat@gmail.com | Question | | | Summary page | Hi,
This might be a stupid question.
But I was unable to fix it. Hence asking for help. I have set config as
List Display = ID, Author, Type, When, Subject
But "Summary" page of my e-log continues to display additional column "Text". Kindly advise how to hide this last column. Also, is it possible to assign % width for each of these columns (ID, Author, Type, When, Subject)
Thank you
Regards
Dinesh |
1308
|
Mon Jul 25 10:24:23 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | | | Re: Summary page |
Dinesh Bapat wrote: | But "Summary" page of my e-log continues to display additional column "Text". Kindly advise how to hide this last column. |
Summary lines = 0
Dinesh Bapat wrote: | Also, is it possible to assign % width for each of these columns (ID, Author, Type, When, Subject) |
Yes, via the Cascading Style Sheets, but only for the single display page. First put a
Format Author = 0, author_name, author_value
then put into your default.css following sections:
.author_name {
width:10%;
text-align:right;
font-size:14pt;
background-color:#AAAAFF;
border:1px solid #0000FF;
border-top:1px solid white;
border-left:1px solid white;
padding:3px;
}
.author_value {
width:10%;
font-size:14pt;
border:1px solid #308000;
border-top:1px solid white;
border-left:1px solid white;
background-color:#BBCCBB;
padding:3px;
}
Here you can then play with the width, font-size etc. I use this for example for the large subject dispaly in this forum.
On the list display however, the column width is determined by the browser, which tries to optimally arrange the colums for best readability. |
1351
|
Wed Jul 27 17:38:25 2005 |
| Chris Green | greenc@fnal.gov | | | | Notify email recipient of attachments without including? | Hi,
Our elog is going to be taking some large attachments. I've disabled the attachments from going out in the email, but I'd like email recipients to know that the post has attachments associated with it. Is there a mechanism to do this already, or would it be an enhancement? I'm looking for something like:
Email Notify Attachments = 0 | 1 | 2
Where 0 = no notification,
1 = number only,
2 = list
... independent of whether attachments are included with the email itself.
Thanks,
Chris. |
|