DEAR NETMAKE - please fix Security module mess

aka · May 7, 2020, 7:54pm

Until recantly I did not have a need to get into the SECURITY module, but last few days I’m working with it and I’m pulling my hair out.

Please fix the Security module problems and create some documentation. I noticed that when dealing with existing database generated code gets messed up. Even the column names from existing table cannot be red, and some columns (like Login or Password are skipped). There are some variables which are not documented and also there is to much staff hidden from the user. I also have problem with MD5 encryption so existing hashed passwords cannot be red.
The authentication scenarios are a mystery (the short help doesn’t really explains what’s the difference between them and there is no documentation in HELP. There is also an LDAP option in the wizard which is completely undocumented ! what a shame

rr1 · May 7, 2020, 8:35pm

You can grab some working ldap code from elsewhere in the forum under my name. And you could build your own security that is easier and customised by simply testing for some cookie/http post parameter and determine if a page is shown or not based on that.
I agree that the documentation is lets say… absent…

aducom · May 7, 2020, 8:35pm

[QUOTE=rr;23338]You can grab some working ldap code from elsewhere in the forum under my name. And you could build your own security that is easier and customised by simply testing for some cookie/http post parameter and determine if a page is shown or not based on that.
I agree that the documentation is lets say… absent…[/QUOTE]

I agree that the docs could be (far) better. But I disagree on the security module, it works well although there is room for improvement. Regarding LDap, rr is right we never used that in combination of the ldap rights, just for verifying people’s account (userid/psw). It requires only a few lines of code to verify against ldap so we do that ourselves. Once logged in we use the macro’s to enable/disable modules but in general the standard security way could be used. As aducom I used this module a lot w.o. issues. Improvement could be multiple roles, and a better display of modules (descriptions in stead of the filenames). If you use the largest module (users/groups/rights) it’s a hell of a job maintaining all checkboxes.

aka · May 7, 2020, 8:35pm

I have tried to use Security module with Joomla - NO LUCK, there are problems with MD5 encryption (probably not the same algoritm versions).
Albert - have you tried to use it with exsisting database where fields names do not match exactly the Module fields? When I tried to match the fields in whe Wizard they got screwed up in the code…
when I looked in the code there are some variables which are completely undocumented
I have no idea what LDAP is, never used it, but perhaps would like to learn how to use it with SC

Arthur

aducom · May 7, 2020, 8:35pm

LDAP is a way to get information about a user in a general manner. It’s a standard, (leightweight directory access protocol or something). It allows you to retrieve information about users and we use it to authenticate the university users. I did tried once to bind the vars to my own database and it worked well. I use E107 as a CMS and integrated login info to that. And the MD5 is compatible as it’s a php procedure. http://www.php.net/manual/en/function.md5.php

Yes in the code not everything is documented, it’s not intended for that I guess. But it’s not that hard to change.

bartho · May 7, 2020, 8:35pm

Hello,

Issue reported to our bugs team.

regards,
Bernhard Bernsmann

aka · May 7, 2020, 8:52pm

bartho - this was posted / reported to NM 10 months ago. [SIZE=3]Can you update on any progress please[/SIZE]

maurirp · May 7, 2020, 8:52pm

[QUOTE=aka;23329]Until recantly I did not have a need to get into the SECURITY module, but last few days I’m working with it and I’m pulling my hair out.

Please fix the Security module problems and create some documentation. I noticed that when dealing with existing database generated code gets messed up. Even the column names from existing table cannot be red, and some columns (like Login or Password are skipped). There are some variables which are not documented and also there is to much staff hidden from the user. I also have problem with MD5 encryption so existing hashed passwords cannot be red.
The authentication scenarios are a mystery (the short help doesn’t really explains what’s the difference between them and there is no documentation in HELP. There is also an LDAP option in the wizard which is completely undocumented ! what a shame :-([/QUOTE]

I’ve reported some troubles with security mode already
http://www.scriptcase.net/forum/showthread.php?7565-ScriptCase-v8-0-022-Bug-in-user-mode-Security-module-and-Applications&p=30245#post30245
http://www.scriptcase.net/forum/showthread.php?7565-ScriptCase-v8-0-022-Bug-in-user-mode-Security-module-and-Applications&p=30778#post30778
http://www.scriptcase.net/forum/showthread.php?7565-ScriptCase-v8-0-022-Bug-in-user-mode-Security-module-and-Applications&p=30043#post30043

aymg01 · May 7, 2020, 8:52pm

That is a problem with NetMake, that had some issues and no fix very fast. I have open 4 tickets with bugs 3 or 4 months, so far, the answer is “Development team is working on that”. I think important comment this in http://www.scriptcase.net/forum/showthread.php?9983-ScriptCase-vs-Other-PHP-generators but I dont have a lot experience in order to denigrate of Scriptcase or NetMake. I think that NetMake, could inform to us the ETA for all bugs.

Regards,

GuiGuy · May 7, 2020, 8:52pm

Hi Albert,

I’ll take an exception to that. I’ve attempted to apply the security module using group based security. The term “mess” used by the OP is generous IMO.

As an example, when a group is applied to a user, why is a new group generated by the program? By example, we start of with four groups, "Administrator’, ‘Moderators’, ‘Members’ and ‘Guests’.

Now one of those is assigned to a user. The security module now generates a new sec_group record, with an incrementing number as the description field value. Do this six times and I have ‘1’, ‘2’, ‘3’, ‘4’, ‘5’, ‘6’, "Administrator’, ‘Moderators’, ‘Members’ and ‘Guests’ etc…

If that’s not enough, after extensive successful testing on local servers that mimic the intended remote server environment we deploy and what do we get after configuring the DB connection and logging in successfully? “Unauthorised user” error on the call from app_login to the menu.

I figure given the hours wasted trying to get group based security to work and instead of wading through Netmake’s module it may be better for my blood pressure to re-invent the security wheel from scratch.

There, I feel a little better now…

owen.solution · May 7, 2020, 8:52pm

I agree. This makes my client complain.

www.LiviApps.com (Scriptcase International)
www.OwenSolution.com (Scriptcase Indonesia)

RHS · May 7, 2020, 8:52pm

I’am beginning with SC 5.x and since that version i have my own group based security module. I use that with small additions over time now in SC 8.1. Blood pressure is normal … ;).

mister_doctor · May 7, 2020, 8:52pm

The security module is the worst thing, at least at group level. Synchronization creates non-existent apps, even entries with blank names, and it does not remove deleted apps. Also, I can’t activate permissions in most of apps by using the security apps (checkboxes are disabled), I have to do it directly in the database… and so on. I’m seriously thinking on creating my own security module, but sadly I don’t have enough time for the project I’m on. So, meanwhile I will have to deal with what Scriptcase offers.

aka · May 7, 2020, 9:00pm

THIS INITIAL POST WAS CREATED TWO YEARS (yes 2 years) ago. SECURITY MODULES STILL DO NOT WORK AS EXPECTED.