Blog

DaDaBIK 4.5 pl1 is out - security enhancement

Posted by Eugenio on 15 Aug 2012

Dear users,
a new version of DaDaBIK, 4.5 patch level 1, is available. This is mainly a security enhancement/maintenance release and, as usual, all the users who purchased v. 4.5 beta or v. 4.5 can have v. 4.5 pl1 for free by writing an e-mail to payments @ dadabik.org with "free upgrade" as the subject and forwarding the invoice or the payment receipt.

This version introduces quite a big change to password storage security: DaDaBIK used to store users' passwords as hashes produced by md5(). While this approach provides a first level of security, because passwords are not stored in clear text in the database, it does not prevent some types of attack that a malicious user can carry out after obtaining the hashed passwords, such as attacks based on pre-hashed lists or rainbow tables.

For this reason, DaDaBIK, like other popular Web applications such as WordPress, moves to phpass for managing password storage. phpass is a framework which supports three password hashing methods (CRYPT_BLOWFISH, CRYPT_EXT_DES and an md5-based method) and chooses the best one according to what the current system can provide. All three employ salting, stretching, and variable iteration counts. This change makes these attacks much more difficult to carry out successfully.

All users are strongly encouraged to upgrade.

For the complete list of the bugs fixed you can check the Change log.

In the next few weeks I will post about version 5.0, which is probably going to be released in Fall 2012 and will contain an impressive number of new features, including a highly granular permissions manager. Stay tuned!

Ciao,

E.
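
The difference between the two storage schemes described in the 4.5 pl1 post above, as an added example that is not DaDaBIK or phpass code: it uses PHP's built-in password_hash() with bcrypt as a stand-in for phpass's CRYPT_BLOWFISH method, and the user names, passwords and candidate list are constructed.

```php
<?php
// Added example; not DaDaBIK or phpass code. All names and passwords are constructed.

// Legacy scheme from the post: unsalted md5() of the password.
function legacy_hash(string $password): string {
    return md5($password);
}

// Salted and stretched: bcrypt through PHP's built-in password_hash(),
// used here as a stand-in for phpass's CRYPT_BLOWFISH method (assumption).
function strong_hash(string $password, int $cost = 10): string {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Pre-hashed list: md5 of common passwords, computed once and reusable
// against any table of unsalted md5 hashes.
function build_prehashed_list(array $candidates): array {
    return array_combine(array_map('md5', $candidates), $candidates);
}

// Number of stored hashes that a plain table lookup resolves.
function count_exposed(array $stored, array $table): int {
    return count(array_filter($stored, fn($h) => isset($table[$h])));
}

// Average seconds per hash computation, i.e. the cost of one guess.
function seconds_per_hash(callable $fn, int $rounds): float {
    $start = microtime(true);
    for ($i = 0; $i < $rounds; $i++) { $fn(); }
    return (microtime(true) - $start) / $rounds;
}

$users  = ['alice' => 'letmein', 'bob' => 'letmein', 'carol' => 'k9#Vt2-constructed'];
$table  = build_prehashed_list(['123456', 'password', 'letmein']);
$legacy = array_map('legacy_hash', $users);
$strong = array_map('strong_hash', $users);

printf("md5 hashes resolved by lookup:    %d of 3\n", count_exposed($legacy, $table));
printf("bcrypt hashes resolved by lookup: %d of 3\n", count_exposed($strong, $table));
printf("alice and bob share a hash: md5=%s bcrypt=%s\n",
    var_export($legacy['alice'] === $legacy['bob'], true),
    var_export($strong['alice'] === $strong['bob'], true));
printf("bcrypt still verifies the right password: %s\n",
    var_export(password_verify('letmein', $strong['alice']), true));
printf("seconds per guess: md5=%.7f bcrypt=%.4f\n",
    seconds_per_hash(function () { md5('guess'); }, 10000),
    seconds_per_hash(function () { strong_hash('guess'); }, 5));
```

The per-user salt is why the same password yields different bcrypt strings and why a list computed once no longer matches anything; the cost parameter is the variable iteration count that makes each guess slower.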

DaDaBIK 4.5 final version is out!

Posted by Eugenio on 25 Jun 2012

Hi all,
after almost one month of beta testing, I announce the availability of DaDaBIK 4.5 final version.

It is essentially a bug-fix version (6 bugs have been fixed), together with some improvements in the documentation. All the changes are available in the Changelog.

As usual, people who bought the beta version can upgrade to this final version for free by writing an email to payments @ dadabik.org with "free upgrade" as the subject and forwarding the invoice or the payment receipt. Furthermore, if you buy version 4.5, two months of free upgrades are included!

Ciao,

Version 4.5 beta is OUT with new features and bug fixes! Plus license change and Host1Plus Promo code!

Posted by Eugenio on 1 Jun 2012

Dear all,
I'm proud to announce the version 4.5 beta of DaDaBIK.

Three big changes:

1) Records locking: this long awaited feature (one of the features proposed by the DaDaBIK community, through the "Like, disLike & Propose" Wiki) is now available. Basically, when a user U1 enters a record in edit mode, the record is locked and other users can't modify it. The record is unlocked if U1 exits the edit mode or after a certain (customizable) amount of time. The feature still works even if two users log into the system using the same username and even if authentication is disabled.
This new feature allows DaDaBIK to avoid unexpected data overwriting and therefore provide a more secure application, especially considering environments where data is important.

2) DaDaBIK now uses just ONE internal table to keep all the information about the form settings. Previous versions used one internal table for each form, which resulted in some cases in an annoying number of items per database. Another change users asked me for several times.

3) A unique upgrade script (upgrade.php) to upgrade to the last version from any version >= 4.3 final. So now DaDaBIK recognizes the version you have installed and, if it's >= 4.3 final, upgrades it to the last version. YES, NO MORE nightmare-like upgrade procedures which required upgrading through all the intermediate releases :-)

Together with these three new features, several bug fixes, including important SECURITY FIXES. All the details in the changelog. People who download version 4.5 beta will have free access to the 4.5 final, when available.

Second big news: license change. I decided, after having thought a lot, to leave the GPL for a new, custom, license, the DaDaBIK license. As you can see, I'm trying to make DaDaBIK a big part of my daily job, I have a lot of passion for what I'm doing but combining this with the GPL is not an easy task. Not only because of the nature of the license, but also because there are a lot of people who actually don't know the legal implications of the GPL and just think it means "free as in a free beer". There are people who just don't care about the content of the GPL and just do what they want, there were also people who accused me because, since I asked a minimum of a few euros to download the software, I couldn't use the term "Open Source". Crazy, probably they have never visited the GNU Web site (from the site: "Actually, we encourage people who redistribute free software to charge as much as they wish or can."). Development of software NEEDS TO BE REWARDED.
To be honest, it seems to me that the vast majority of the users understood my approach, many people actually download DaDaBIK giving more than the minimum required, people also wrote to thank me for having kept the minimum entry cost so low. I really, really, appreciated all your messages.
I feel, however, this is the right moment to leave the GPL, also because of some contradictions of the license itself. From the point of view of most of the users, nothing changes: DaDaBIK is still open source in the sense you have access to the source code of the program. When you download DaDaBIK from this site, you get a non-exclusive and non-transferable right to use the program, to modify the program for you or for other people, even your customers, but you cannot redistribute DaDaBIK, for example you cannot upload the DaDaBIK source code on a Web site for downloading but you can of course upload it for EXECUTING.

Last (but not least!): I (virtually) met Jonas, lead business developer at Host1Plus.com, who was interested in arranging a partnership with DaDaBIK. Host1Plus.com is a Web hosting company having offices in London (UK), Kaunas (Lithuania) and Frankfurt am Main (Germany); they offer both Shared hosting and Cloud VPS Hosting. I had a good talk with Jonas and I appreciated his approach, which seemed to me serious. The result of the talk, from your point of view, is an interesting "trial period" offered by Host1Plus.com to DaDaBIK users.

Using the promo code DADABIK99 you can get 99% discount for any Host1Plus.com Cloud VPS for 1 month. The offer is valid until 14th of June and for the first 2,000 users.

Yes, long post, thanks for having read until the end :-)

Ciao,

DaDaBIK professional services

Posted by Eugenio on 7 May 2012

A new section of the site, services, has been added; the page contains information about DaDaBIK-related professional services which I can provide, for example installation, customization or new features development.

New version available, upgrade!

Posted by Eugenio on 5 May 2012

Hi,
a new version, 4.4 patch level 1, is available.
The main reason for this release is to fix two bugs which can cause errors and insert/update of wrong data in the database.

Look at the changelog for all the details.

Users who already downloaded version 4.4 can ask for the patch level 1 by writing to eugenio at favoriti dot it.

All the users are encouraged to upgrade.

Cheers,

Eugenio
