DaDaBIK logo DaDaBIK®

Blog

DaDaBIK 5.1.2 is out: Security and other bug fixes

Posted by Eugenio on 23 Jul 2013

Dear all,
a new release, DaDaBIK 5.1.2, is out. It is the 57th version since I started to work at this software and probably the last 5.x one.

DaDaBIK 5.1.2 is mainly a maintenance release which fixes a security problem and other bugs. A new known bug has also been added to the documentation and will be fixed with DaDaBIK 6 because it requires core changes that we are going to apply anyway in DaDaBIK 6.

All the details, including the description of the security issue fixed, in the change log.

Thanks a lot to all the customers for their very valuable feedback.

Cheers,

Eugenio

Security Alert, DaDaBIK 5.1.1 is out, please upgrade

Posted by Eugenio on 20 Mar 2013

Dear DaDaBIK users,
we have found a security hole and DaDaBIK 5.1.1 has been published to fix it.

If two DaDaBIK applications were installed under the same domain (e.g. http://mysite.com/dadabik_one/ and http://mysite.com/dadabik_two/) and another page X set a PHPSESSID cookie valid in the whole domain (i.e. having path / ), a user who visited X and login into one of the DaDaBIK application could access the other DaDaBIK application without logging in. X could be for example a normal php page having a session_start() statement.

While this bug is related to a known bug, already documented:
"Malicious users could use PHP scripts for setting session variables to particular values in order to bypass the login procedure and get unauthorized access to DaDaBIK. These scripts must be hosted on the same domain where the DaDaBIK target installation is hosted." the fact that it may occur even without the presence of a malicious script made it even worst.

A new parameters ($secret_key) is now available and required in config.php; its value, which must be secret and different for each DaDaBIK application you create, fixes this known bug, including the case explained above.

The Wordpress plugin has also been upgraded and requires to set a $secret_key variable as well (see installation instructions for details).

DaDaBIK 5 PRO and ENTERPRISE users can request DaDaBIK 5.1.1 for free writing to payments at dadabik dot org; DaDaBIK 5 Basic users who have purchased DaDaBIK in the last two months are eligible to do the same.

All the other users, even if they are not anymore eligible for a free upgrade, can apply the security patch manually by following these instructions. Please note that the instructions cannot be used for DaDaBIK 5 PRO and ENTERPRISE.

Another big step forward: DaDaBIK now provides Wordpress integration and LDAP authentication

Posted by Eugenio on 23 Jan 2013

Hi everbody,
we are glad to announce that dadabik 5.1 is out with Two big improvements:

1) Wordpress integration (PRO and ENTERPRISE versions): a DaDaBIK application can now be integrated into a Wordpress site through a dedicated wrapper plug-in. Users authenticated through Wordpress can also be automatically authenticated into DaDaBIK too, without doing the log-in again.
This allows for an unbelievable number of new scenarios where dadabik can be used. We also have a new demo showing Wordpress integration, see the demo page.


2) LDAP authentication (ENTERPRISE version)
This is a long-awaited feature, especially in enterprise environments where the same user accounts list needs to be shared across several applications. Both OpenLDAP and Microsoft Active Directory are supported.

DaDabik 5.1 also comes with a long list of bug fixes: to see the complete list of new features, changes and fixes see the change log.

Last note: The survey about the next dadabik features is still open and will be open until mid February: if the votes trend will be confirmed, the next dadabik feature will probably be the Multi-select listboxes and checkboxes

Thanks to everybody who took the time to vote and to send us feedback and possible enhancement for DaDaBIK.

Have fun!

Eugenio

Thanks and vote for the next features!

Posted by Eugenio on 12 Dec 2012

Hi all,

about two weeks ago we released DaDaBIK 5; we are very happy to say that so far it has been a great success, even beyond expectations.Thanks a lot for your support and for all the positive messages I have received in my personal mailbox!

While developing DaDaBIK 5, we took into serious consideration user requests, suggestions and needs.

We want to continue on this path for the next releases, asking which is the feature you consider the most important for the future DaDaBIK. Please take a few seconds to
vote in the poll

If your favourite feature is not in the list you can also add it.


Ciao,

Eugenio

DaDaBIK 5 is here

Posted by Eugenio on 24 Nov 2012

Hi all,
I am really glad and released to announce that DaDaBIK 5 is finally here!

DaDaBIK 5 comes with a new GUI and tons of new features, including:

  • A completely new granular permissions manager
  • PHP hooks to extend DaDaBIK capabilities
  • HTML templates for data grids.

I am sure it will bring its users to a new level in terms of Web Database Application Rapid Development, please take the time to check it out the BRAND NEW DEMO.

You can find all the (20+) new features, changes, security and other fixes reviewing the change log. As you can see, also the Website has been completely re-designed.

There are now three versions of DaDaBIK: BASIC, PRO and ENTERPRISE, you can review the features of each here

All the customers who bought DaDaBIK in the last two months can upgrade to DaDaBIK 5 PRO for free and to DaDaBIK enterprise paying €50.

All Supporters and Patrons (customers who bought DaDaBIK paying €50/€100, at any time) can upgrade to DaDaBIK 5 ENTERPRISE for free.

Write to payments at dadabik dot org if you want to use your upgrade option.

Enjoy,

Eugenio

Page 13 of 28
<  11  12  13  14  15  16  17  18  19  20  >  

Top