Blog

4.6 stable is out and security alert.

Posted by Eugenio on 3 Nov 2012

Hi all,
version 4.6 stable is now available. It provides several bug fixes; you can find the complete list in the change log.

The security alert is about the documentation:

"The documentation section about multiple instances of DaDaBIK has been (at least for the moment) removed. That section was not up-to-date and referred to a version of DaDaBIK which still didn't have the authentication feature: the result is that if users followed those instructions having authentication ON, a user authenticated on the first (not admin) instance could also access the /admin instance without authentication. This is not a proper bug but could lead to a false sense of security."

DaDaBIK 5 will be available in about two weeks; having about twenty new features, it will bring users to a new level in terms of Web Database Application Rapid Development.

Stay tuned.

4.6 beta is out with UTF-8 support! 5.0 alpha: feature list.

Posted by Eugenio on 27 Sep 2012

Hi all,
DaDaBIK v. 4.6 beta is out!
The first big, long-awaited news is that DaDaBIK now officially supports UTF-8, allowing the correct handling of content in almost any known language and writing system. While some hacks for adding UTF-8 support have been posted on the forum over the last years, this feature has never been officially introduced because of the drawbacks involved: PHP doesn't offer complete support for multibyte encoding, and using DaDaBIK with UTF-8 content could lead to unexpected and bad results such as content corruption.
The new version of DaDaBIK has been completely revised in order to work well with UTF-8 content; furthermore, in order to reduce dependencies with external libraries, which can make the UTF-8 support implementation even trickier, the use of ADOdb has been discontinued and the PDO extension is now used for all the DBMSs.

The move to PDO also means a smaller software footprint, theoretically better performance (not tested in detail, though) and changes in the minimum requirements: the new ones are PHP >= 5.1 with the mbstring extension enabled and one of the following: MySQL >= 5.0, PostgreSQL >= 7.4 or SQLite >= 3. The database default charset must be UTF-8 if you need to handle UTF-8 content.

There are still some cases in which the correct handling of UTF-8 is not guaranteed, see http://www.dadabik.org/index.php?function=show_documentation#bugs for further details.

Version 4.6 beta comes with a long list of fixed bugs, a couple of them about security; you can find it, as usual, by reading the change log. A new known bug about field and table names has also been added to the documentation; again, all the details are in the change log.

The second big news is about version 5.0 alpha, which will probably be available in a couple of months with an impressive number of new features, most of them already implemented, including:


  • A completely new permissions manager which allows you to set, for each user or group, which operations (read, delete, update, create and details) are allowed on each form and field.

  • Customizable data grid: the style of the data grid will be completely customizable using an HTML template; for example, it will be possible to get a google-style results view instead of the classical results data grid very easily, just by working on the template.

  • Filter feature: a quick, customizable search form at the top of the results data grid.

  • Static pages: the possibility to add static, custom pages to the DaDaBIK application (e.g. a help page).

  • SQL-filled fields: a new field type whose value during insertion is specified by a custom SQL query.

  • Form design customization: the possibility to choose whether a form field has to be positioned close to the previous one in the same form row or in a new one (current behaviour).

  • Master/details view available not only with the edit function but also with the details function.

  • A brand new graphic interface (maybe, this is not sure!)


Yes, a lot of work has been done, but I am satisfied because the messages of appreciation I am receiving from the customers are beginning to repay all the efforts :)

Ciao,

DaDaBIK 4.5 pl1 is out - security enhancement

Posted by Eugenio on 15 Aug 2012

Dear users,
a new version of DaDaBIK, 4.5 patch level 1, is available. This is mainly a security enhancement/maintenance release and, as usual, all the users who purchased v. 4.5 beta or v. 4.5 can have v. 4.5 pl1 for free by writing an e-mail to payments @ dadabik.org with "free upgrade" as subject and forwarding the invoice or the payment receipt.

This version introduces quite a big change in password storage security: DaDaBIK used to store users' passwords hashed with md5(); while this approach allows for a first level of security, because passwords are not stored in clear text in the database, it does not prevent some types of attacks which a malicious user can carry out after having obtained the hashed passwords, such as attacks based on pre-hashed lists or rainbow tables.

For this reason, DaDaBIK, as other popular Web applications such as WordPress have done, moves to phpass for managing password storage. phpass is a framework which supports three password hashing methods (CRYPT_BLOWFISH, CRYPT_EXT_DES and an md5-based method) and chooses the best one according to what the current system can provide. All three employ salting, stretching, and variable iteration counts. This change makes these attacks much more difficult to execute successfully.

All users are strongly encouraged to upgrade.

For the complete list of the bugs fixed you can check the Change log.

In the next few weeks I will post about version 5.0, which is probably going to be released in Fall 2012 and will contain an impressive number of new features, including a highly granular permissions manager. Stay tuned!

Ciao,

E.
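
The difference between unsalted md5() storage and salted, stretched storage, as an added example (not DaDaBIK or phpass code). It uses PHP's built-in password_hash() with bcrypt, the CRYPT_BLOWFISH method mentioned above, in place of phpass; the account names, passwords and helper functions are constructed for illustration.

```php
<?php
// Added example: not DaDaBIK or phpass code. Names and data are constructed.

// Constructed sample accounts; two users share one password.
$users = ['alice' => 'sunshine1', 'bob' => 'sunshine1', 'carol' => 'x9!Lq7#vTz'];

// Legacy scheme from the post: a bare, unsalted md5() of the password.
function legacy_hash(string $password): string
{
    return md5($password);
}

// A pre-hashed list maps md5 digest => candidate password. It is computed
// once and stays valid against every database that stores unsalted md5.
function build_prehashed_list(array $candidates): array
{
    $table = [];
    foreach ($candidates as $candidate) {
        $table[md5($candidate)] = $candidate;
    }
    return $table;
}

// Audit helper: list the accounts whose stored hash appears in the table.
function exposed_accounts(array $stored, array $table): array
{
    $hits = [];
    foreach ($stored as $name => $hash) {
        if (isset($table[$hash])) {
            $hits[] = $name;
        }
    }
    return $hits;
}

$table  = build_prehashed_list(['123456', 'password', 'sunshine1']);
$legacy = array_map('legacy_hash', $users);

// Salted and stretched storage: bcrypt with a random per-hash salt and
// 2^10 iterations, so no precomputed list can match the stored value.
$salted = [];
foreach ($users as $name => $password) {
    $salted[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

echo "md5 hashes found in list:    ", implode(', ', exposed_accounts($legacy, $table)), "\n";
echo "bcrypt hashes found in list: ", count(exposed_accounts($salted, $table)), "\n";
echo "same password, same md5:     ", var_export($legacy['alice'] === $legacy['bob'], true), "\n";
echo "same password, same bcrypt:  ", var_export($salted['alice'] === $salted['bob'], true), "\n";
echo "login still verifies:        ", var_export(password_verify('sunshine1', $salted['bob']), true), "\n";
```

Raising the `cost` value doubles the work per guess for each increment, which is the stretching and variable iteration count the post refers to.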

DaDaBIK 4.5 final version is out!

Posted by Eugenio on 25 Jun 2012

Hi all,
after almost one month of beta testing, I announce the availability of DaDaBIK 4.5 final version.

It is essentially a bug-fix version (6 bugs have been fixed), together with some improvements in the documentation. All the changes are available in the Changelog.

As usual, people who bought the beta version can upgrade to this final version for free, writing an email to payments @ dadabik.org having "free upgrade" as subject and forwarding the invoice or the payment receipt. Furthermore, if you buy version 4.5, two months of free upgrades are included!

Ciao,

Version 4.5 beta is OUT with new features and bug fixes! Plus license change and Host1Plus Promo code!

Posted by Eugenio on 1 Jun 2012

Dear all,
I'm proud to announce the version 4.5 beta of DaDaBIK.

Three big changes:

1) Records locking: this long-awaited feature (one of the features proposed by the DaDaBIK community, through the "Like, disLike & Propose" Wiki) is now available. Basically, when a user U1 enters a record in edit mode, the record is locked and other users can't modify it. The record is unlocked if U1 exits the edit mode or after a certain (customizable) amount of time. The feature still works even if two users log into the system using the same username and even if authentication is disabled.
This new feature allows DaDaBIK to avoid unexpected data overwriting and therefore provide a more secure application, especially considering environments where data is important.

2) DaDaBIK now uses just ONE internal table to keep all the information about the form settings. Previous versions used one internal table for each form, which resulted in some cases in an annoying number of items per database. Another change users asked me for several times.

3) A unique upgrade script (upgrade.php) to upgrade to the last version from any version >= 4.3 final. So now DaDaBIK recognizes the version you have installed and, if it's >= 4.3 final, upgrades it to the last version. YES, NO MORE nightmare-like upgrade procedures which required upgrading through all the intermediate releases :-)

Together with these three new features, several bug fixes, including important SECURITY FIXES. All the details are in the changelog. People who download version 4.5 beta will have free access to the 4.5 final, when available.

Second big news: license change. I decided, after having thought a lot, to leave the GPL for a new, custom, license, the DaDaBIK license. As you can see, I'm trying to make DaDaBIK as a big part of my daily job, I have a lot of passion for what I'm doing but combining this with the GPL is not an easy task. Not only because of the nature of the license, but also because there are a lot of people who actually don't know the legal implication of the GPL and just think it means "free as in a free beer". There are people who just don't care about the content of the GPL and just do what they want, there were also people who accused me because, since I asked a minimum of few euros to download the software, I couldn't use the term "Open Source". Crazy, probably they have never visited the GNU Web site (From the site:"Actually, we encourage people who redistribute free software to charge as much as they wish or can."). Development of software NEEDS TO BE REWARDED.
To be honest, it seems to me that the vast majority of the users understood my approach, many people actually download DaDaBIK giving more than the minimum required, people also wrote to thank me for having kept the minimum entry cost so low. I really, really, appreciated all your messages.
I feel, however, this is the right moment to leave the GPL, even because of some contradictions of the license itself. From the point of view of most of the users, nothing changes: DaDaBIK is still open source in the sense you have access to the source code of the program. When you download DaDaBIK from this site, you get a non-exclusive and non-transferrable right to use the program, to modify the program for you or for other people, even your customers, but you cannot redistribute DaDaBIK, for example you cannot upload the DaDaBIK source code on a Web site for downloading but you can of course upload it for EXECUTING.

Last (but not least!): I (virtually) met Jonas, lead business developer at Host1Plus.com, who was interested in arranging a partnership with DaDaBIK. Host1Plus.com is a Web hosting company having offices in London (UK), Kaunas (Lithuania) and Frankfurt am Main (Germany); they offer both Shared hosting and Cloud VPS Hosting. I had a good talk with Jonas and I appreciated his approach, which seemed to me serious. The result of the talk, from your point of view, is an interesting "trial period" offered by Host1Plus.com to DaDaBIK users.

Using the promo code DADABIK99 you can get 99% discount for any Host1Plus.com Cloud VPS for 1 month. The offer is valid until 14th of June and for the first 2,000 users.

Yes, long post, thanks for having read until the end :-)

Ciao,
