Diese Seite mit anderen teilen ...

Informationen zum Thema:
Forum:
WinDev Forum
Beiträge im Thema:
7
Erster Beitrag:
vor 11 Monaten, 1 Woche
Letzter Beitrag:
vor 10 Monaten, 4 Wochen
Beteiligte Autoren:
DerekM, Piet van Zanten, Harry W

[WB22] - SAAS - Password! [Work-Around found!] [Now Resolved by PC Soft]

Startbeitrag von DerekM am 24.06.2017 14:11

In Version 19 - the SaaS Administrator - Client Database screen - displayed the password in cleartext.

Now - in Version 22 - this has been "improved" and the password is now hidden.

For me, this improvement seems to be a total disaster! I need the password of the SaaS Client database to point a WinDev application to the same database.

Hopefully it's just because it's late in the day or I'm a little slow - so can anyone see a way around this?

At the moment it's starting to look like a show stopper - forcing me to revert to Version 19.

Can anyone tell me if the password field is in clear text in version 20 or 21?

work-around:
Run WB19 SAAS webservice and WebDev 22 together.
Unlink SAAS from WebDev project(s).
Uninstall WB22 SAAS
Use the optional 3rd parameter of SaaSConnect pointing to the WB19 webservice.


Sounds simple now. Tested - and all working fine. Don't know why I made all that fuss ;(

[update] PC Soft have now resolved this issue for me, and an 'eye' / clear text will be generally available in the next release of WB22

Antworten:

Re: [WB22] - SAAS - Password!

It is not the same as in version 19 ???

von Harry W - am 28.06.2017 13:09

Re: [WB22] - SAAS - Password!

[attachment 2365 Client_Password_WB19.png]
[attachment 2366 Client_Password_WB22.png]

von DerekM - am 28.06.2017 23:26

Re: [WB22] - SAAS - Password!

After 5 working days, PC Soft responded to my support request.

The answer:-

Unfortunately having the password visible was a security problem that has been fixed. There is no workaround.

I don't think there are many of you using SAAS - perhaps none using the same approach (web and desktop access) - but as PC Soft do not maintain bug or issue lists, this note is just in case anyone is in a similar position.

FYI - a redacted version of my follow-up to PC Soft is below. I'm not holding my breath that they will put themselves out to assist me.


Sorry, but I fail to understand what the security problem was that has been fixed.

The password was available to the administrator only.

I can't see either, where the risk was to the proprietary software of PC Soft.

By changing this functionality, the effect is to totally invalidate a development effort over a number of years, at the cost of several hundred thousand dollars.

The concept is simple - we are attempting to provide cross-platform software - a Web interface managed by SAAS - and the option to use a desktop client - the access managed by our administrators.

On the surface, it appears that the decision to obfuscate the database password (to our databases) has been made at the programmer level and not at an architectural level. Again, I point out that this was available to the administrator only.

This information was clearly documented in my original support request, and the implications are quite clear.


A response of "there is no workaround" is totally inadequate.

Our options then, are to either abandon an upgrade to WebDev 22 or abandon WebDev SAAS and spend several thousand dollars re-architecting our own SAAS.

Sorry, but I am not happy with this response.


von DerekM - am 01.07.2017 01:16

Re: [WB22] - SAAS - Password!

Hi Derek,

Can you explain why the on screen visibility of a password can be so important to you?
I don't understand.

Kind regards,
Piet

von Piet van Zanten - am 01.07.2017 08:24

Re: [WB22] - SAAS - Password!

Hi Piet

The SAAS structure is inaccessible. It is encrypted by PC Soft.

Although the connection structure is defined, the password value cannot be accessed even using SAAS Admin functions such as SaaSAdminSiteConnection. Any attempt to code around this is countered by 'Password property cannot be accessed by programming'.

This means that there appears to be no way of accessing a SAAS created database other than connecting with SAAS.

This is fine, if we only want to use WebDev. However, we also connect WinDev to the SAAS created databases, allowing the end-user to choose Web or Desktop. We have both WebDev and WinDev applications with identical functionality. The WinDev application can also be used as a standard c/s application, and a custom GPWLogin screen is used.

To allow end-users to access the database via the WinDev application, we get the connection parameters from SAAS Administration and write this to an initialization file.

This all works wonderfully. It is simple and effective, and allows us to sell and deploy a cross-platform solution.

Now that the password is hidden and inaccessible, this strategy is no longer valid.

Sure, I am already working on a number of work-around options. However, this all takes time and money, and it is particularly annoying because as far as I can see, there is no valid reason to hide the password of our own databases.

Best regards,
Derek

von DerekM - am 01.07.2017 10:58

Re: [WB22] - SAAS - Password! [Work-Around found!]

Hi Derek,

Glad you found a workaround.
Looks like PCS SAAS is another black box solution.
Fortunately I use my own.

Kind regards,
Piet

von Piet van Zanten - am 02.07.2017 10:19
Zur Information:
MySnip.de hat keinen Einfluss auf die Inhalte der Beiträge. Bitte kontaktieren Sie den Administrator des Forums bei Problemen oder Löschforderungen über die Kontaktseite.
Falls die Kontaktaufnahme mit dem Administrator des Forums fehlschlägt, kontaktieren Sie uns bitte über die in unserem Impressum angegebenen Daten.