Re: 4D authentication system that allow for stronger security.

2019-09-05 Thread Jörg Knebel via 4D_Tech 
Eric,

> On 6 Sep 2019, at 24:22 AEST, Eric Naujock via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Does anyone have a replacement login system for 4D that offers stronger 
> authentication security than the current system. Since the current system 
> does not enforce password changes, or password complexity it is a pretty poor 
> system in the current age. While the encryption is crypt is is still brute 
> force attackable as well. There are no failed login lockouts. Nor is three 
> the ability to have two factor authentication? Or is this something beyond 
> what anyone out there is using. 

I roll my own system for more than 25 years now.
It allows to manage access rights on record level divided by read only and read 
write.

Here are some pointers to give you an idea.

All the information are hold in the data-file and therefore a kind of mirroring 
of the structure is 
( [Tables], [Fields], [Staff], [Passwords], [Branches], [Departments] etc.)

The passwords are stored as hashes (MD5…SHA512) which makes it a bit harder but 
not immune against brut force attacks.
A mandatory change of passwords after a period of time or number of logins can 
be implemented as well as x-way authentication can be implemented.
To use this as an addition to the 4D-build-in stuff is also possible, but I 
don’t see a reason why.

The access rights for each user are hold in arrays for each user within an 
organisation like this:

READ ONLY
NA  AA  UA  DA  BA  FA
[Table1]√

[TableN]√

READ WRITE
NA  AA  UA  DA  BA  FA
[Table1]√   

[TableN]√   


Legend:

NA  No Access
AA  Author Access
UA  Unit Access
DA  Department Access
BA  Branch Access
FA  Full Access

Every table has the following LongINT “Head Fields” :

UserIDRefCreated
UserIDRefModified
xCorpCreated
xBranchCreated
xDepartmentCreated
xUnitCreated

Every time a user is accessing a table his rights (arrays see above) are 
applied.

Granted to implement this in an existing application will take some doing but 
it could be worth it.

For instant if someone within an organisation changes to a different branch but 
will hold the “same” position, no access rights have to be adjusted and the 
data from the former branch/department/etc. cannot be accessed any more.

HTH


Cheers
Jörg


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

NTK 3.1.0 crashing on some Windows 10 1803 Home, 4D Remote v17R4 build 232574

2019-09-05 Thread David Ringsmuth via 4D_Tech 
On a couple of computers an application using NTK 3.1.0 is crashing while 
accessing:

https://maps.googleapis.com/maps/api/geocode/xml?address=

Most of the other computers can access this URL without any problem.

We disabled the firewall and the anti-virus.
We deleted the local application cache.
We installed a fresh 4D v17R4 232574.
We restarted the computer.

It still crashed when NTK 3.1.0 is used to contact googleapis.com.

My next step is to replace the NTK call with 4D’s own HTTP Get.

Suggestions please!

David Ringsmuth

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

"automatically repaired method"

2019-09-05 Thread Tom Benedict via 4D_Tech 
I just encountered an object method whose code was replaced with this comment:

//automatically repaired method

I’ve found the ‘missing’ code in a backup and reinstated it, but I’m wondering 
how/why did this happen? I looked through the MSC Repair Logs and found this 
error:

Line 189517: Could not load the method 
resources for [Contact_Notes].Input_02_Pro.Page0.Variable82 
(atab_Contact_Notes)

What would cause this to happen? No other errors in nearly 50,000 objects.

Tom Benedict


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D authentication system that allow for stronger

2019-09-05 Thread Douglas Cryer via 4D_Tech 
Eric,

In short you really do have to roll your own solution for this.  That said I 
would always advocate for extending the 4D Users and Groups security rather 
than replacing it.  I have seen both approaches over the years and IMHO there 
are so many advantages to using the built in model that it seems crazy to start 
from entirely from scratch.  The effort to reproduce some built in behaviours 
just is not worth it.

What we do is have user and group entities held in data that we bind to the 4D 
users and groups paradigm.  This allows you to store additional properties that 
can be useful in user and group management.  It also allows for adding in your 
own additional security steps such as TFA (I have used google authenticator) 
but any model is possible because you have complete programmatic control over 
the process.  Enforcing password changing and complexity also seem like 
relatively trivial steps to overlay on the existing base.

Regards,  Dougie


telekinetix Limited- J. Douglas Cryer
Phone : 01234 761759  Mobile : 07973 675 218
2nd Floor Broadway House, 4-6 The Broadway, Bedford MK40 2TE
Email : jdcr...@telekinetix.com  Web : http://www.telekinetix.com 


 
 



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D authentication system that allow for stronger security.

2019-09-05 Thread Jeffrey Kain via 4D_Tech 
4D integrates well with Active Directory/LDAP servers. That's probably the best 
way to go, along with some custom code to track failed login attempts

> On Sep 5, 2019, at 10:22 AM, Eric Naujock via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Does anyone have a replacement login system for 4D that offers stronger 
> authentication security than the current system. Since the current system 
> does not enforce password changes, or password complexity it is a pretty poor 
> system in the current age. While the encryption is crypt is is still brute 
> force attackable as well. There are no failed login lockouts. Nor is three 
> the ability to have two factor authentication? Or is this something beyond 
> what anyone out there is using. 

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D authentication system that allow for stronger security.

2019-09-05 Thread Paul Lovejoy via 4D_Tech 
You’d have to roll your own. 

Paul 

> On 5 Sep 2019, at 16:22, Eric Naujock via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Does anyone have a replacement login system for 4D that offers stronger 
> authentication security than the current system. Since the current system 
> does not enforce password changes, or password complexity it is a pretty poor 
> system in the current age. While the encryption is crypt is is still brute 
> force attackable as well. There are no failed login lockouts. Nor is three 
> the ability to have two factor authentication? Or is this something beyond 
> what anyone out there is using. 
> 
> ---
> 
> MacCafe
> 7860 Central Ave.
> Toledo, OH 43617
> Phone: (419) 885-1240 X 241
> Fax: (419) 517-2063
> Eric Naujock  -  ACSA 10.2, 10.3, 10.4 Apple - ACTC 10.5, 10.6, 10.7, 10.8, 
> 10.9, 10.10, -ACSP 10.11, 10.12, 10.13
> http://www.mac-cafe.com
> email: e r...@mac-cafe.com 
> 
> AOL IM: erlic
> 
> 
> 
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D authentication system that allow for stronger security.

2019-09-05 Thread Narinder Chandi via 4D_Tech 
Eric,

Interesting question... 2FA you could roll your own on top of Twilio's APIs 
perhaps, or use an API driven service like Authy (which implements the Twilio 
piece for you) or AWS Cognito. I did a AWS Cognito integration last year 
building it as a PHP authentication microservice. Would make for a nice 
challenge as a 4D integration project...

Regards,
 
Narinder Chandi,
ToolBox Systems Ltd.
-- 

-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> on behalf of 4D Tech Mailing List 
<4d_tech@lists.4d.com>
Reply-To: 4D Tech Mailing List <4d_tech@lists.4d.com>
Date: Thursday, 5 September 2019 at 15:22
To: 4D Tech Mailing List <4d_tech@lists.4d.com>
Cc: Eric Naujock 
Subject: 4D authentication system that allow for stronger security.

Does anyone have a replacement login system for 4D that offers stronger 
authentication security than the current system. Since the current system does 
not enforce password changes, or password complexity it is a pretty poor system 
in the current age. While the encryption is crypt is is still brute force 
attackable as well. There are no failed login lockouts. Nor is three the 
ability to have two factor authentication? Or is this something beyond what 
anyone out there is using. 

---

MacCafe
7860 Central Ave.
Toledo, OH 43617
Phone: (419) 885-1240 X 241
Fax: (419) 517-2063
Eric Naujock  -  ACSA 10.2, 10.3, 10.4 Apple - ACTC 10.5, 10.6, 10.7, 10.8, 
10.9, 10.10, -ACSP 10.11, 10.12, 10.13
http://www.mac-cafe.com
email: e r...@mac-cafe.com 

AOL IM: erlic



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

4D authentication system that allow for stronger security.

2019-09-05 Thread Eric Naujock via 4D_Tech 
Does anyone have a replacement login system for 4D that offers stronger 
authentication security than the current system. Since the current system does 
not enforce password changes, or password complexity it is a pretty poor system 
in the current age. While the encryption is crypt is is still brute force 
attackable as well. There are no failed login lockouts. Nor is three the 
ability to have two factor authentication? Or is this something beyond what 
anyone out there is using. 

---

MacCafe
7860 Central Ave.
Toledo, OH 43617
Phone: (419) 885-1240 X 241
Fax: (419) 517-2063
Eric Naujock  -  ACSA 10.2, 10.3, 10.4 Apple - ACTC 10.5, 10.6, 10.7, 10.8, 
10.9, 10.10, -ACSP 10.11, 10.12, 10.13
http://www.mac-cafe.com
email: e r...@mac-cafe.com 
AOL IM: erlic



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**