There is always going to be customised settings and the way to handle this is to keep a directory of the changes that need to take place and when doing the upgrade copy over the files into the new install, This is very painful I know but in the bigger scheme of things the time saved using this development tool far outweighs the effort to copy over the custom settings on every upgrade.
SSL is part of the Tomcat setup
If you want to get SSL going check this link out (BTW you don't have to subscribe to an authenticator to get a secure link in place)
http://www.awareim.com/forum/viewtopic.php?t=3554
Obfuscation of url LINKS - Pitch in ?
SSL
ACDC, what did you mean here? Is it possible to get https/SSL without using a authenticator?ACDC wrote:(BTW you don't have to subscribe to an authenticator to get a secure link in place)
Henrik (V8 Developer Ed. - Windows)
What I meant was that you don't have to subscribe to a third party issuer to get SSL working.
This would however result in the user at time of login getting a warning that the link has not been verified , but once the user has accepted the status, then the warning in future normally does not appear again and the SSL link will prevail
So you basically end up managing your own fake certificate from your server
Obviously this is not the right way to do things, but it serves the purpose of a secure link for testing or for use in a controlled user base and where you may be using a ip address in the url as opposed to a domain name
If you google "install ssl without certificate" you will find a lot more information on the topic
This would however result in the user at time of login getting a warning that the link has not been verified , but once the user has accepted the status, then the warning in future normally does not appear again and the SSL link will prevail
So you basically end up managing your own fake certificate from your server
Obviously this is not the right way to do things, but it serves the purpose of a secure link for testing or for use in a controlled user base and where you may be using a ip address in the url as opposed to a domain name
If you google "install ssl without certificate" you will find a lot more information on the topic
What I meant was that you don't have to subscribe to a third party issuer to get SSL working.
This would however result in the user at time of login getting a warning that the link has not been verified , but once the user has accepted the status, then the warning in future normally does not appear again and the SSL link will prevail
So you basically end up managing your own fake certificate from your server
Obviously this is not the right way to do things, but it serves the purpose of a secure link for testing or for use in a controlled user base and where you may be using a ip address in the url as opposed to a domain name
If you google "install ssl without certificate" you will find a lot more information on the topic
This would however result in the user at time of login getting a warning that the link has not been verified , but once the user has accepted the status, then the warning in future normally does not appear again and the SSL link will prevail
So you basically end up managing your own fake certificate from your server
Obviously this is not the right way to do things, but it serves the purpose of a secure link for testing or for use in a controlled user base and where you may be using a ip address in the url as opposed to a domain name
If you google "install ssl without certificate" you will find a lot more information on the topic
-
- Posts: 7525
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
Hi Rennur,
I have tested the encryption of links and here is how I did it:
I created a new Business Object with 2 Plain Text fields, ClearURL and EncryptedURL and 1 rule;
If Encryption.ClearURL WAS CHANGED Then
Encryption.EncryptedURL=ENCRYPT_B64(Encryption.ClearURL)
This BO is used just to encrypt the URL.
After publishing, I created an instance of the Encryption object and entered the following part of the URL I wanted encrypted in the ClearURL field:
domain=myDomain&userName=theUser&password=thePassword&firstCommand=startProcessWithInit,CreateData,main,InputData&Cost=$21.95&Name=Test Test&OnOffOption=OFF
and the encrypted URL was calculated and displayed in the EncryptedURL field.
I then added a link in an html page with: http://myserver/AwareIM/logonOp.aw?e=the actual Encrypted URL from the EncryptedURL field
When I clicked on the link, AwareIM automatically decrypted the URL, I was logged into Aware and my CreateData process was executed with the supplied values.
I have tested the encryption of links and here is how I did it:
I created a new Business Object with 2 Plain Text fields, ClearURL and EncryptedURL and 1 rule;
If Encryption.ClearURL WAS CHANGED Then
Encryption.EncryptedURL=ENCRYPT_B64(Encryption.ClearURL)
This BO is used just to encrypt the URL.
After publishing, I created an instance of the Encryption object and entered the following part of the URL I wanted encrypted in the ClearURL field:
domain=myDomain&userName=theUser&password=thePassword&firstCommand=startProcessWithInit,CreateData,main,InputData&Cost=$21.95&Name=Test Test&OnOffOption=OFF
and the encrypted URL was calculated and displayed in the EncryptedURL field.
I then added a link in an html page with: http://myserver/AwareIM/logonOp.aw?e=the actual Encrypted URL from the EncryptedURL field
When I clicked on the link, AwareIM automatically decrypted the URL, I was logged into Aware and my CreateData process was executed with the supplied values.
Bob
BobI then added a link in an html page with: http://myserver/AwareIM/logonOp.aw?e=the actual Encrypted URL from the EncryptedURL field
are you sure this is the complete url , as i tried to decrypt this and it failed
I have not yet explored the new features, but I'm wondering if this could be used in association with the Google/Facebook/Twitter login feature.
For example, if you want to send someone a link to edit or view something & you assume your user is already logged into Google. If you have Google login enabled in your app, they I wonder if this encrypted link will open the item directly without having to specifically log in to AwareIM.
For example, if you want to send someone a link to edit or view something & you assume your user is already logged into Google. If you have Google login enabled in your app, they I wonder if this encrypted link will open the item directly without having to specifically log in to AwareIM.
Tom - V8.8 build 3137 - MySql / PostGres
I did not post the actual encrypted string, it is rather long. I will post it now along with more details.
If the actual URL was: http://myserver/AwareIM/logonOp.aw?doma ... &Name=Test Test&OnOffOption=OFF
From my meager knowledge of how the internet works, I assume the first part (http://myserver/AwareIM/logonOp.aw?) should not be encrypted.
So my ClearURL was populated with the rest of the string: domain=myDomain&userName=theUser&password=thePassword&firstCommand=startProcessWithInit,CreateData,main,InputData&Cost=$21.95&Name=Test Test&OnOffOption=OFF
The encrypted string was computed to be:
FxkUAB1eSS0NNxsbURoYXxQHVQYOFR4RS0QbEywSEUJSMBUABwFfARJEFRxVJCEHAAMZQhdQHwgGQwADGx4ZF14XSwoVFUIAEAYcFxNDACEQFRx5GikAXzcEVRICHCUVRBVsGRIdGBw6GAkUAHQVNBVVNxlDB0tdU0UeTXVSPRUbVU4iHBIAECAlBwdSOV48EB8uBEQdLxpOOzB2
So the link on my html page was
http://myserver/AwareIM/logonOp.aw?e=Fx ... QdLxpOOzB2
If the actual URL was: http://myserver/AwareIM/logonOp.aw?doma ... &Name=Test Test&OnOffOption=OFF
From my meager knowledge of how the internet works, I assume the first part (http://myserver/AwareIM/logonOp.aw?) should not be encrypted.
So my ClearURL was populated with the rest of the string: domain=myDomain&userName=theUser&password=thePassword&firstCommand=startProcessWithInit,CreateData,main,InputData&Cost=$21.95&Name=Test Test&OnOffOption=OFF
The encrypted string was computed to be:
FxkUAB1eSS0NNxsbURoYXxQHVQYOFR4RS0QbEywSEUJSMBUABwFfARJEFRxVJCEHAAMZQhdQHwgGQwADGx4ZF14XSwoVFUIAEAYcFxNDACEQFRx5GikAXzcEVRICHCUVRBVsGRIdGBw6GAkUAHQVNBVVNxlDB0tdU0UeTXVSPRUbVU4iHBIAECAlBwdSOV48EB8uBEQdLxpOOzB2
So the link on my html page was
http://myserver/AwareIM/logonOp.aw?e=Fx ... QdLxpOOzB2
Bob
Thanks for the clarification, I have tried to decrypt your encrypted url on a number of online Base64 decrypt sites and still don't have any success.
So this seems to confirm that there is additional encryption taking place on the server which therefore makes it more secure than plain base64 encrypt
So this seems to confirm that there is additional encryption taking place on the server which therefore makes it more secure than plain base64 encrypt
Verification
Welcome news indeed if so. Support, can you verify if/that this is the case?ACDC wrote:Thanks for the clarification, I have tried to decrypt your encrypted url on a number of online Base64 decrypt sites and still don't have any success.
So this seems to confirm that there is additional encryption taking place on the server which therefore makes it more secure than plain base64 encrypt
Thanks
Henrik (V8 Developer Ed. - Windows)