Hi all,

fixed in 2.0.2 0.0.03   (also fixed in public version 2.0.1 1.0.03)

- security fix: a workstation behind a NAT network is able to adopt the 
user credentials from another (GUI) logged-in workstation in the same 
network
  ASSP now uses HTTP session IDs to prevent this. Browser cookies must be 
enabled for the GUI URL to make sure that ASSP generates absolutely unique 
session IDs

- if any bomb regular expression contains a regex  '^$'  to check for an 
empty string (e.g. bombSubjectRe), no result is found

- if a wrong search query is used in MaillogTail and the option 'show 
.....  results' is set to 'all matches', it is possible that the 
MainThread needs a very long time (30 min or more) to process the query. 
For this reason the option 'all matches' is changed to '2000'. There are 
also two search timeout values used: 30s for the search in the log files 
and 30s for rendering the HTML for the output.

- if in MaillogTail a selection for a list of files to search in was made, 
it was possible that the timeline of the output was broken, because of a 
wrong sort of the filenames (numbers).

changed:

- the default value for 'LogRollDays' is changed from 7 to 1.
- if FBMTV is used and an incoming non-bounce message is received which 
contains a valid FBMTV-tag, the message is considered 'whitelisted' if it 
is not tagged otherwise (red, contentonly, noprocessing...) by ASSP


added:

- 'httpRequireCookies','HTTP and HTTPS require enabled browser 
cookies',0,\&checkbox,'1','(.*)',undef,
 'Cookie based http session ID\'s are used by assp to handle different 
requests from the same IP (eg behind NAT). Switch this off, if you are 
unable to use cookies in your browser. If switched off, a security hole is 
opened for connection that are using NAT - it could be possible that a 
second workstation (behind NAT) is able to login to the GUI, without user 
credentials if the same OS and browser version is used.'


Thomas
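
Added example, not part of the original message and not ASSP code: a minimal Python model of the NAT problem in the security fix above, next to a cookie-bound session ID. It assumes the old GUI recognised a logged-in user by source IP plus User-Agent (inferred from the "same OS and browser version" remark); class names, the cookie name and the sample address are hypothetical.

```python
import secrets

COOKIE = "gui_sid"  # hypothetical cookie name, not taken from ASSP


class IpKeyedAuth:
    """Assumed pre-fix model: a login is remembered per (source IP, User-Agent)."""

    def __init__(self):
        self._logged_in = set()

    def login(self, ip, user_agent):
        self._logged_in.add((ip, user_agent))
        return {}  # nothing is handed to the browser

    def is_authenticated(self, ip, user_agent, cookies):
        return (ip, user_agent) in self._logged_in


class CookieSessionAuth:
    """Post-fix model: a login is bound to a random session ID kept in a cookie."""

    def __init__(self):
        self._sessions = {}  # session ID -> (ip, user_agent) seen at login

    def login(self, ip, user_agent):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = (ip, user_agent)
        return {COOKIE: sid}  # delivered to the browser as a cookie

    def is_authenticated(self, ip, user_agent, cookies):
        bound = self._sessions.get(cookies.get(COOKIE, ""))
        return bound == (ip, user_agent)  # unknown or missing ID -> None -> False


def nat_scenario():
    """Workstations A and B share one NAT address; only A logs in."""
    nat_ip = "203.0.113.10"                # constructed sample address
    ua = "ExampleBrowser/1.0 (ExampleOS)"  # constructed: same OS and browser on A and B
    old, new = IpKeyedAuth(), CookieSessionAuth()
    old.login(nat_ip, ua)
    jar_a = new.login(nat_ip, ua)
    return {
        "old_scheme_b": old.is_authenticated(nat_ip, ua, {}),     # B inherits A's login
        "new_scheme_b": new.is_authenticated(nat_ip, ua, {}),     # B has no session cookie
        "new_scheme_a": new.is_authenticated(nat_ip, ua, jar_a),  # A presents its own ID
        "new_scheme_guess": new.is_authenticated(nat_ip, ua, {COOKIE: "guess"}),
    }
```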
