Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Security Lockdown - suggestion

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Lockdown - suggestion

    I made a suggestion to Alpha to add a "security lockdown" option to their publishing process. I wanted to run the idea past the message board and see if you think it is a good idea or not.

    Background: when you in the process of creating a web application you need to publish web security files from your desktop to your server. As soon as you publish these files to your server, you have two sets of security files, one on your desktop, and one on the server.

    As soon as your web application goes live and the first user adds themselves to your online application, your server security files are DIFFERENT than your desktop files. Your server files are "live" in that they contain the most current list of users. Your desktop copy is "stale".

    If you were to publish your desktop security files to the server, accidently or on purpose, it would overwrite your "live" files, effectively deleting all of your users, or any users since your last backup, if you have one. All of them would have to re-register.

    Its very easy to overwrite your security files, just check the box that says Publish Web Security Data tables - a mistake you ARE going to make someday.

    Note - do make a daily backup of your online websecurity*.* files and your own users table. I use Cobain Backup 9 for all of my backup needs, see my website under Utilities.

    Anyway, I suggested Alpha add a "Lockdown" check box deep in the View > Settings area that, if checked, would prohibit publishing of any user-related security files and any tables you identified, like your local users table. A typical application would spend years in this lockdown condition.

    So is this Lockdown a good idea?
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  • #2
    Re: Security Lockdown - suggestion

    Yes Steve, I agree it's a great idea. That plus more control over what files get published. Sometimes you just want to publish a single file of your choice, not all that stuff Alpha throws in. It shouldn't be hard for them to add some controls for such choices.
    -Steve
    sigpic

    Comment


    • #3
      Re: Security Lockdown - suggestion

      I also agree. It is a great idea. The security files are too important to just "tick" a check box and then they get overwritten.
      Dan

      Dan Blank builds Databases
      Skype: danblank

      Comment


      • #4
        Re: Security Lockdown - suggestion

        Ditto - absolutely - I have already overwritten files before, and I do make daily backups of everything as well as the security files.

        But your suggestion, I think, is a no brainer ...

        Gary
        Gary S. Traub, Ph.D.

        Comment


        • #5
          Re: Security Lockdown - suggestion

          It's amazing how you read something on the message board, and it suddenly answers the question to a problem you've been having for quite a while.

          On one of my applications, I add the new users and assign them a "starter" password, and ask them to change it immediately. A while back I had users telling me that they would change their password online, and before they knew it, it had magically changed back to their starter password. I was pulling my hair out for months trying to figure out why this was happening, and was starting to think that it was a bug in the system. I got so frustrated with it, that I finally just told the users to tell me what they wanted their password to be, and I manually entered it into the backend of the system. I never had any problems when I did it that way.

          But now the light bulb has come on! I was doing my development work on my desktop computer, and when I would add a new user, I would enter their "starter" password, and would natually publish the Data Table for Users & Groups to add this new user. (I always noticed the warning about overwriting the existing user table, but I figured, "I'm adding a new user," so I have to overwrite/update the table right?")

          And now after reading Steve's initial post, I think I see what was happening. I was overwriting the server's User Data Table with the outdated one located on my desktop, which I'm sure, was replacing the passwords the users had changed online, with the original (starter) ones still stored in my desktop data table. The answer was right in front of me, yet I never saw it.

          Man I'm glad I now know why that was happening. It was driving me crazy, and I don't have much hair left to pull out!!

          YES - a lockdown is a great idea Steve!!
          Sergeant Richard Hartnett
          Hyattsville City Police Department
          Maryland

          Comment


          • #6
            Re: Security Lockdown - suggestion

            Selwyn said this sounded like a good idea, but I have not heard back since. If YOU understand the issue presented here and believe as strongly as I do, please make a comment here.
            Steve Wood
            Join the ALPHA DEVELOPERS NETWORK
            There is no Cloud. It's just someone else's computer.
            Web - Mobile - Hosting - Products - Frameworks - Developer Resources
            AlphaToGo | IADN (100% Alpha Anywhere Websites)

            Comment


            • #7
              Re: Security Lockdown - suggestion

              I don't mind saying that I have fallen victim to this situation . . . hmmm, . . . once or twice!

              It is confusing that there are a couple of security tables that are not in sync and it is way too easy to check that little box when publishing tables.

              I would bet that the amount of work it takes one of us to re-establish our client logins in a case like this would certainly be less time for an Alpha programmer to write code to prevent this from happening in the future.

              Great point Steve - Thanks!

              Comment


              • #8
                Re: Security Lockdown - suggestion

                And to me, it is not really a Security Framework issue. It's a DO NOT PUBLISH these particular files issue -- the control should be at the Publish level. I'd have a dialog called Lockdown or just Do Not Publish and a checkbox for Security Users and Groups. If checked, no matter what, those files would not publish. A bonus would be the ability to flag specific tables in lockdown mode. I would not want to publish particular tables to a live application. I'm a little less concerned with tables because you can toggle publishing tables to be generally off, and then select only those tables you wish to publish. But if you select publish all, and accidently check the database box, you're dead meat.

                This very act is what prompted me to make the suggestion to Selwyn. I thought I was publishing All to Localhost, but published All to my server. I did lose one user that was not in my backup. Not a big loss, unless you are that one user.

                What I want protection against is that momentary slip-up where I, my client, or some assistant, slips up and publishes something that hoses the online application. The way I described it to Selwyn was, it really will be my fault if I slip-up and overwrite a live user list (which is very easy to do), but the fallout from such an act will reflect poorly on all parties, including Alpha.
                Steve Wood
                Join the ALPHA DEVELOPERS NETWORK
                There is no Cloud. It's just someone else's computer.
                Web - Mobile - Hosting - Products - Frameworks - Developer Resources
                AlphaToGo | IADN (100% Alpha Anywhere Websites)

                Comment


                • #9
                  Re: Security Lockdown - suggestion

                  Has anyone tried publishing with windows server 2008/2009 (or whatever has the file versions functionality in it...) and determined if that helps the situation?

                  Since the entire file is being replaced in the publish process, the fille versions may be a built in safety mechanism to help.

                  For Windows versions without this functionality, we need to figure out a way to provide it...

                  For those of you who have used the VAX operating system, you'll understand the power of the file version model.......
                  Al Buchholz
                  Bookwood Systems, LTD
                  Weekly QReportBuilder Webinars Thursday 1 pm CST

                  Occam's Razor - KISS
                  Normalize till it hurts - De-normalize till it works.
                  Advice offered and questions asked in the spirit of learning how to fish is better than someone giving you a fish.
                  When we triage a problem it is much easier to read sample systems than to read a mind.
                  "Make it as simple as possible, but not simpler."
                  Albert Einstein

                  http://www.iadn.com/images/media/iadn_member.png

                  Comment


                  • #10
                    Re: Security Lockdown - suggestion

                    Adding to the AGREE list, please ount me in. I'm a new guy and have had done that exact upload and messed my team up for the weekend because they could not log on.

                    The alternate was spend a Sunday night fixing it. Protecting us from ourselves is always a good thing.
                    David Shaw
                    Manager of Media Services and User Support
                    Cleveland Museum of Art
                    Cleveland, Ohio

                    Comment


                    • #11
                      Re: Security Lockdown - suggestion

                      In my capacity as Mentor or Support guy, I have to explain it all the time. "Why do my users keep disappearing?" is the common question. That's not so bad, its when a big company with thousands of users loses the whole list because some developer on their side, or even me, overwrites their userlist, and the backup failed.
                      Steve Wood
                      Join the ALPHA DEVELOPERS NETWORK
                      There is no Cloud. It's just someone else's computer.
                      Web - Mobile - Hosting - Products - Frameworks - Developer Resources
                      AlphaToGo | IADN (100% Alpha Anywhere Websites)

                      Comment


                      • #12
                        Re: Security Lockdown - suggestion

                        Great Idea.
                        Whilst this hasn't happened to me, It is almost something that is the source of nightmares and thus losing sleep.

                        Comment


                        • #13
                          Re: Security Lockdown - suggestion

                          I agree. It also has not happened to me, but I see the potential for a problem in the future.

                          Comment


                          • #14
                            Re: Security Lockdown - suggestion

                            What about storing al the security tables in a sql server that separates the problem with deploying the apps to the server. Maybe Alpha can create scripts for that. So you have development en production env. solves that the problem ?:)

                            Comment


                            • #15
                              Re: Security Lockdown - suggestion

                              I agree and feel Steve Working's suggestion has real merit also.
                              John Oesterle
                              ToolBytes, LLC

                              Comment

                              Working...
                              X