SVN R#32, some new cool stuff, but incomplete implementation...
Page: 1
Recent posts in this topic
Staff
Ilija Studen
on Aug 20. 2006. 3:07 am
Hi everyone,
Just to let you know that there are some fresh changes in the repository that might make you some trouble. The way user passwords are stored and logins sessions are maintained has been changed so we can provide a more secure login. Attacker will need to know at least two random params to be able to restore the session (only one earlier), dictionaries are useles when bruting password because there is a long salt string in front of it and there is a twister from session ID (session ID is random, twister is random).
Problems:
- if you want to keep your user data you'll need to wait for small upgrade script
- if you are making a clean install from SVN you'll need to wait for a small tool that will let you create administrator user and owner company on first run (one of the things that is moved from the installer to provide easier way for creating automated installers).
In short: there are some pretty interesting new things here, but it will take me a few more hours to make it all run from first for users who want to play with SVN code. I'm really tired now and need to get some sleep...
Just to let you know that there are some fresh changes in the repository that might make you some trouble. The way user passwords are stored and logins sessions are maintained has been changed so we can provide a more secure login. Attacker will need to know at least two random params to be able to restore the session (only one earlier), dictionaries are useles when bruting password because there is a long salt string in front of it and there is a twister from session ID (session ID is random, twister is random).
Problems:
- if you want to keep your user data you'll need to wait for small upgrade script
- if you are making a clean install from SVN you'll need to wait for a small tool that will let you create administrator user and owner company on first run (one of the things that is moved from the installer to provide easier way for creating automated installers).
In short: there are some pretty interesting new things here, but it will take me a few more hours to make it all run from first for users who want to play with SVN code. I'm really tired now and need to get some sleep...
activeCollab Team Member | Experiment: activeCollab on Twitter
Is there small upgrade script/tool for us, impatient SVN users? ;-)
Staff
Ilija Studen
on Aug 24. 2006. 11:53 am
Yes, there is. Check this topic.
activeCollab Team Member | Experiment: activeCollab on Twitter
Topic is locked. If you have something important to say about issues discussed on this page please write at hi@a51dev.com.
