Subversion Repositories oidplus

Rev

Go to most recent revision | Show changed files | Details | Compare with Previous | Blame | RSS feed

Filtering Options

Rev Age Author Path Log message Diff
730 2022-01-23 22:10:52 daniel-marschall /trunk/ "ImplementsFeature" is now available for all PHP classes of OIDplus, not just Plugin classes.
Therefore, OID-WHOIS can now also receive WHOIS attributes from Objects (not just the Object Plugin) or the OIDplusRA class.		  
712 2021-12-26 18:44:52 daniel-marschall /trunk/includes/classes/  
711 2021-12-26 18:33:19 daniel-marschall /trunk/ Auth keys (internally used for email verification etc.) now use HMAC instead of normal hash
Added new base config setting RA_PASSWORD_PEPPER_ALGO (dangerous! Only for experts!)
OIDplusSessionHandler.class.php: Improved internal encryption!

ATTENTION
!!! If you are updating from the TAR.GZ distibution channel, then the update *will* temporarily
!!! FAIL with the error message "Authentication failed". Once the error appears, close your
!!! browser window and delete the cookies, then log-in again, and continue the update process.
!!! (The error happens because of the update of the internal session encryption procedure)		  
622 2021-06-11 00:37:28 daniel-marschall /trunk/ Change to JWT key of HS512 (if no PKI is available)  
621 2021-06-11 00:27:12 daniel-marschall /trunk/ ViaThinkSoft repos switched from SVN to Packagist/GitHub  
617 2021-06-02 00:03:52 daniel-marschall /trunk/ Added new high-security feature RA Password Pepper (use with extreme caution! Existing passwords will become invalid)
RA password generation: BCrypt "cost" parameter can now be configured.		  
609 2021-05-29 23:09:04 daniel-marschall /trunk/ The administrator account can now have more than one valid password.
webwhois.php is now disabled if the WHOIS plugin is disabled		  
592 2021-05-23 22:53:31 daniel-marschall /trunk/ (Nearly) reached PHPStan level 5  
590 2021-05-23 18:45:00 daniel-marschall /trunk/ PHPStan Level 3 reached  
585 2021-05-23 17:36:08 daniel-marschall /trunk/ Very large refactoring of login methods; JWT methods encapsulated
"Remember me" (JWT cookie) and regular logins (PHP session) cannot be mixed anymore (which didn't work anyway)		  
583 2021-05-22 11:32:35 daniel-marschall /trunk/ Added JWT TTL (time to live) config value  
579 2021-05-17 17:51:20 daniel-marschall /trunk/ Login "remember me" feature (using JWT authentication)  
578 2021-05-17 01:27:25 daniel-marschall /trunk/ JWT authentication security improvements  
577 2021-05-16 21:28:47 daniel-marschall /trunk/ JWT cosmetics  
576 2021-05-16 20:24:19 daniel-marschall /trunk/ Small improvements to JWT authentication. Renamed "NBF" to "Blacklisted" to avoid confusion  
574 2021-05-16 03:04:22 daniel-marschall /trunk/ NEW: JWT tokens of Automated AJAX calls can now be blacklisted
REMOVED: Automated AJAX calls using "batch_username" arguments		  
572 2021-05-15 21:50:39 daniel-marschall /trunk/ Added possibility to disable JWT token authentication in the base configuration  
570 2021-05-15 17:00:51 daniel-marschall /trunk/ Security: JWTs are now signed using RSA if OpenSSL is available.
Security: If not, then the key of JWT (which is the server secret) is processed via PBKDF2		  
567 2021-05-14 16:56:56 daniel-marschall /trunk/includes/classes/ Removed: Session handler cannot be accessed outside the authentification utilities anymore  
566 2021-05-14 16:07:03 daniel-marschall /trunk/ Automated AJAX requests are now protected via a JWT, which is signed and doesn't contain the user's password anymore. The old method (username+password+antiBruteforceUnlockKey) is still accepted for backwards compatibility.
REMOVED: OIDplusSessionHandler->simulate
Created new class "OIDplusAuthContentStore" to make "OIDplusAuthUtils" more flexible		  

←Prev12Next→

Show All