Jon W
Well-known member
The path is in the URL it redirects to, so you could just add that page to your favourites.This just keeps getting better and better Jon!
Be great if the path auto filled or selectable to use after it's used once.
The path is in the URL it redirects to, so you could just add that page to your favourites.This just keeps getting better and better Jon!
Be great if the path auto filled or selectable to use after it's used once.
Correct. Might be possible to just unencrypt the data when the admin logs in or something like that.Do you mean master password (not saved in the DB) that works as the secret key to unencrypt? Could be a solution.
So to install-upgrade you have to manually insert the master password every time, right? I think can be a good idea.
Correct. Might be possible to just unencrypt the data when the admin logs in or something like that.
but there will be unencrypted data in the cookies, right?Another alternative would just be to store the data in cookies, so then you would just have to re-enter it if you used a different computer.
New features:
- Stored credentials for waindigo.org can now be deleted once your installation has been associated with your waindigo.org account, to avoid having to store your account details in plain text.
- Stored credentials for all sites can now be encrypted (premium feature). Encryption is performed using an encryption key that is generated based on your Admin Control Panel password whenever you log in and is then stored as a session cookie. As such, admins will no...
I've gone for an encryption key being stored as a session cookie on login to the Admin Control Panel. Decryption is performed on demand using the encryption key, so at no point are passwords being stored unencrypted on the server.In this way there's no need of an extra password but you have to encrypt and crypt during login and logout of an admin, right? In very busy forums with more than an admin that data will be unencrypted most of the time.
Said that I'm in favor also of an install/upgrade password. With all that password managers out there I don't see an extra password as a problem anymore.
but there will be unencrypted data in the cookies, right?
Nope, sorry. Everyone has to subscribe to get Premium features and support. All your customers get commercial licenses and branding free as long as they have this add-on installed and linked to their waindigo.org account, so they can benefit from this update:@Jon W Will this feature enable by default for my clients sites detected on my IP subnets using your add-on?
Stored credentials for waindigo.org can now be deleted once your installation has been associated with your waindigo.org account, to avoid having to store your account details in plain text.
Its not like there is a massive security hole in this add-on. It would still require someone to hack in to the site and this add-on doesn't make that any more likely. It is just an extra level of security, so it is a premium feature.Um, why is security being offered as a "premium" feature? That doesn't seem very fair.
Bug fixes:
- Fixes "Use of undefined constant SORT_NATURAL" bug in PHP 5.3.
Jon I'm ok for the premium thing, but you can't say this is an "extra level of security". It is normal to encrypt stored credentials. IMHO an extra level of security could be a "2nd factor authentication".Its not like there is a massive security hole in this add-on. It would still require someone to hack in to the site and this add-on doesn't make that any more likely. It is just an extra level of security, so it is a premium feature.
Then XenForo is insecure because it stores your database details in plain text?Jon I'm ok for the premium thing, but you can't say this is an "extra level of security". It is normal to encrypt stored credentials. IMHO an extra level of security could be a "2nd factor authentication".
Good point!Then XenForo is insecure because it stores your database details in plain text?
Glad you agree. Thanks again for the initial suggestion.Good point!
Unless there are bug fixes, you don't have to update every time there is a new release. That being said, it is so easy to update add-ons with this add-on anyway, why wouldn't you?I'm not sure I've ever seen so many updates in such a short time frame from one developer. Is it possible some of these versions could be consolidated to eliminate weeks where four and five updates are rolled out?
Try the path "install/data" to see if that works. If so, it is probably a permissions issue. There is nothing in the latest update that should break anything.Since latest update, multi upload no longer works. trying both /home/username/upload and ../upload as the bath list all the addons, but you get the error "The files associated with this add-on could not be found. Please upload them and try again." trying to install any of them.
Unless there are bug fixes, you don't have to update every time there is a new release. That being said, it is so easy to update add-ons with this add-on anyway, why wouldn't you?
We use essential cookies to make this site work, and optional cookies to enhance your experience.