Announcement

Collapse
No announcement yet.

DEAR NETMAKE - please fix Security module mess

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DEAR NETMAKE - please fix Security module mess

    Until recantly I did not have a need to get into the SECURITY module, but last few days I'm working with it and I'm pulling my hair out.

    Please fix the Security module problems and create some documentation. I noticed that when dealing with existing database generated code gets messed up. Even the column names from existing table cannot be red, and some columns (like Login or Password are skipped). There are some variables which are not documented and also there is to much staff hidden from the user. I also have problem with MD5 encryption so existing hashed passwords cannot be red.
    The authentication scenarios are a mystery (the short help doesn't really explains what's the difference between them and there is no documentation in HELP. There is also an LDAP option in the wizard which is completely undocumented ! what a shame :-(
    -----------------------------------------
    Arthur Klisiewicz
    dATA POINT SOFTWARE
    www.datapointsoftware.com

  • #2
    You can grab some working ldap code from elsewhere in the forum under my name. And you could build your own security that is easier and customised by simply testing for some cookie/http post parameter and determine if a page is shown or not based on that.
    I agree that the documentation is lets say.. absent....

    Comment


    • #3
      Originally posted by rr View Post
      You can grab some working ldap code from elsewhere in the forum under my name. And you could build your own security that is easier and customised by simply testing for some cookie/http post parameter and determine if a page is shown or not based on that.
      I agree that the documentation is lets say.. absent....
      I agree that the docs could be (far) better. But I disagree on the security module, it works well although there is room for improvement. Regarding LDap, rr is right we never used that in combination of the ldap rights, just for verifying people's account (userid/psw). It requires only a few lines of code to verify against ldap so we do that ourselves. Once logged in we use the macro's to enable/disable modules but in general the standard security way could be used. As aducom I used this module a lot w.o. issues. Improvement could be multiple roles, and a better display of modules (descriptions in stead of the filenames). If you use the largest module (users/groups/rights) it's a hell of a job maintaining all checkboxes.
      Albert Drent
      aducom software netherlands
      scriptcase partner, reseller, support and (turn-key) development
      www.scriptcase.eu / www.scriptcase.nl

      Comment


      • #4
        - I have tried to use Security module with Joomla - NO LUCK, there are problems with MD5 encryption (probably not the same algoritm versions).
        - Albert - have you tried to use it with exsisting database where fields names do not match exactly the Module fields? When I tried to match the fields in whe Wizard they got screwed up in the code...
        - when I looked in the code there are some variables which are completely undocumented
        - I have no idea what LDAP is, never used it, but perhaps would like to learn how to use it with SC

        Arthur
        -----------------------------------------
        Arthur Klisiewicz
        dATA POINT SOFTWARE
        www.datapointsoftware.com

        Comment


        • #5
          LDAP is a way to get information about a user in a general manner. It's a standard, (leightweight directory access protocol or something). It allows you to retrieve information about users and we use it to authenticate the university users. I did tried once to bind the vars to my own database and it worked well. I use E107 as a CMS and integrated login info to that. And the MD5 is compatible as it's a php procedure. http://www.php.net/manual/en/function.md5.php

          Yes in the code not everything is documented, it's not intended for that I guess. But it's not that hard to change.
          Albert Drent
          aducom software netherlands
          scriptcase partner, reseller, support and (turn-key) development
          www.scriptcase.eu / www.scriptcase.nl

          Comment


          • #6
            Hello,

            Issue reported to our bugs team.

            regards,
            Bernhard Bernsmann

            Comment


            • #7
              bartho - this was posted / reported to NM 10 months ago. Can you update on any progress please
              -----------------------------------------
              Arthur Klisiewicz
              dATA POINT SOFTWARE
              www.datapointsoftware.com

              Comment


              • #8
                Originally posted by aka View Post
                Until recantly I did not have a need to get into the SECURITY module, but last few days I'm working with it and I'm pulling my hair out.

                Please fix the Security module problems and create some documentation. I noticed that when dealing with existing database generated code gets messed up. Even the column names from existing table cannot be red, and some columns (like Login or Password are skipped). There are some variables which are not documented and also there is to much staff hidden from the user. I also have problem with MD5 encryption so existing hashed passwords cannot be red.
                The authentication scenarios are a mystery (the short help doesn't really explains what's the difference between them and there is no documentation in HELP. There is also an LDAP option in the wizard which is completely undocumented ! what a shame :-(
                I've reported some troubles with security mode already
                http://www.scriptcase.net/forum/show...0245#post30245
                http://www.scriptcase.net/forum/show...0778#post30778
                http://www.scriptcase.net/forum/show...0043#post30043

                Comment


                • #9
                  That is a problem with NetMake, that had some issues and no fix very fast. I have open 4 tickets with bugs 3 or 4 months, so far, the answer is "Development team is working on that". I think important comment this in http://www.scriptcase.net/forum/show...PHP-generators but I dont have a lot experience in order to denigrate of Scriptcase or NetMake. I think that NetMake, could inform to us the ETA for all bugs.

                  Regards,

                  Comment


                  • #10
                    Hi Albert,

                    Originally posted by aducom View Post
                    I agree that the docs could be (far) better. But I disagree on the security module, it works well
                    I'll take an exception to that. I've attempted to apply the security module using group based security. The term "mess" used by the OP is generous IMO.

                    As an example, when a group is applied to a user, why is a new group generated by the program? By example, we start of with four groups, "Administrator', 'Moderators', 'Members' and 'Guests'.

                    Now one of those is assigned to a user. The security module now generates a new sec_group record, with an incrementing number as the description field value. Do this six times and I have '1', '2', '3', '4', '5', '6', "Administrator', 'Moderators', 'Members' and 'Guests' etc..

                    If that's not enough, after extensive successful testing on local servers that mimic the intended remote server environment we deploy and what do we get after configuring the DB connection and logging in successfully? "Unauthorised user" error on the call from app_login to the menu.

                    I figure given the hours wasted trying to get group based security to work and instead of wading through Netmake's module it may be better for my blood pressure to re-invent the security wheel from scratch.

                    There, I feel a little better now....
                    Last edited by GuiGuy; 09-24-2015, 10:17 PM.
                    The GuiGuy
                    ... from Down Under

                    Comment


                    • #11
                      I agree. This makes my client complain.

                      www.LiviApps.com (Scriptcase International)
                      www.OwenSolution.com (Scriptcase Indonesia)

                      Comment


                      • #12
                        Originally posted by GuiGuy View Post
                        [...] it may be better for my blood pressure to re-invent the security wheel from scratch.
                        I'am beginning with SC 5.x and since that version i have my own group based security module. I use that with small additions over time now in SC 8.1. Blood pressure is normal ... .
                        Best regards: - Reinhard -

                        I use ScriptCase 8 Enterprise Edition, Version 8.(latest)

                        Comment


                        • #13
                          THIS INITIAL POST WAS CREATED TWO YEARS (yes 2 years) ago. SECURITY MODULES STILL DO NOT WORK AS EXPECTED.
                          -----------------------------------------
                          Arthur Klisiewicz
                          dATA POINT SOFTWARE
                          www.datapointsoftware.com

                          Comment

                          Working...
                          X