PC SOFT

PROFESSIONAL DISCUSSION GROUPS
WINDEV, WEBDEV and WINDEV Mobile

[WB22] - SAAS - Password!
Started by DerekM, Jun 24, 2017 4:11 PM - 6 replies
Posted on June 24, 2017 - 4:11 PM
In Version 19 - the SaaS Administrator - Client Database screen - displayed the password in cleartext.

Now - in Version 22 - this has been "improved" and the password is now hidden.

For me, this improvement seems to be a total disaster! I need the password of the SaaS Client database to point a WinDev application to the same database.

Hopefully it's just because it's late in the day or I'm a little slow - so can anyone see a way around this?

At the moment it's starting to look like a show stopper - forcing me to revert to Version 19.

Can anyone tell me if the password field is in clear text in version 20 or 21?
Posted on June 28, 2017 - 3:09 PM
It is not the same as in version 19 ???
Posted on June 29, 2017 - 1:26 AM
[attachment 2365 Client_Password_WB19.png]
[attachment 2366 Client_Password_WB22.png]
Posted on July 01, 2017 - 3:16 AM
After 5 working days, PC Soft responded to my support request.

The answer:-

Unfortunately having the password visible was a security problem that has been fixed. There is no workaround.

I don't think there are many of you using SAAS - perhaps none using the same approach (web and desktop access) - but as PC Soft do not maintain bug or issue lists, this note is just in case anyone is in a similar position.

FYI - a redacted version of my follow-up to PC Soft is below. I'm not holding my breath that they will put themselves out to assist me.


Sorry, but I fail to understand what the security problem was that has been fixed.

The password was available to the administrator only.

I can't see either, where the risk was to the proprietary software of PC Soft.

By changing this functionality, the effect is to totally invalidate a development effort over a number of years, at the cost of several hundred thousand dollars.

The concept is simple - we are attempting to provide cross-platform software - a Web interface managed by SAAS - and the option to use a desktop client - the access managed by our administrators.

On the surface, it appears that the decision to obfuscate the database password (to our databases) has been made at the programmer level and not at an architectural level. Again, I point out that this was available to the administrator only.

This information was clearly documented in my original support request, and the implications are quite clear.

A response of "there is no workaround" is totally inadequate.

Our options then, are to either abandon an upgrade to WebDev 22 or abandon WebDev SAAS and spend several thousand dollars re-architecting our own SAAS.

Sorry, but I am not happy with this response.
Posted on July 01, 2017 - 10:24 AM
Hi Derek,

Can you explain why the on screen visibility of a password can be so important to you?
I don't understand.

Kind regards,
Piet
Posted on July 01, 2017 - 12:58 PM
Hi Piet

The SAAS structure is inaccessible. It is encrypted by PC Soft.

Although the connection structure is defined, the password value cannot be accessed even using SAAS Admin functions such as SaaSAdminSiteConnection. Any attempt to code around this is countered by 'Password property cannot be accessed by programming'.

This means that there appears to be no way of accessing a SAAS created database other than connecting with SAAS.

This is fine, if we only want to use WebDev. However, we also connect WinDev to the SAAS created databases, allowing the end-user to choose Web or Desktop. We have both WebDev and WinDev applications with identical functionality. The WinDev application can also be used as a standard c/s application, and a custom GPWLogin screen is used.

To allow end-users to access the database via the WinDev application, we get the connection parameters from SAAS Administration and write this to an initialization file.

This all works wonderfully. It is simple and effective, and allows us to sell and deploy a cross-platform solution.

Now that the password is hidden and inaccessible, this strategy is no longer valid.

Sure, I am already working on a number of work-around options. However, this all takes time and money, and it is particularly annoying because as far as I can see, there is no valid reason to hide the password of our own databases.

Best regards,
Derek
Posted on July 02, 2017 - 12:19 PM
Hi Derek,

Glad you found a workaround.
Looks like PCS SAAS is another black box solution.
Fortunately I use my own.

Kind regards,
Piet