Subversion Repositories oidplus


Rev Age Author Path Log message Diff
567 2021-05-14 16:56:56 daniel-marschall /trunk/includes/classes/ Removed: Session handler cannot be accessed outside the authentication utilities anymore
566 2021-05-14 16:07:03 daniel-marschall /trunk/ Automated AJAX requests are now protected via a JWT, which is signed and doesn't contain the user's password anymore. The old method (username+password+antiBruteforceUnlockKey) is still accepted for backwards compatibility.
REMOVED: OIDplusSessionHandler->simulate
Created new class "OIDplusAuthContentStore" to make "OIDplusAuthUtils" more flexible
 
564 2021-05-10 20:46:59 daniel-marschall /trunk/ Proper fix for the CSRF Token issue with OAuth (BUG#0000213)  
511 2021-01-18 01:13:07 daniel-marschall /trunk/ Security: Added "INSIDE_OIDPLUS" constant to include files to avoid generating error messages when an include file is accessed directly
Updated copyright notices to 2021
 
466 2020-11-13 21:39:13 daniel-marschall /trunk/  
465 2020-11-13 13:43:58 daniel-marschall /trunk/ OIDplus can now also run without OpenSSL installed  
461 2020-11-04 22:30:07 daniel-marschall /trunk/  
459 2020-11-04 14:32:51 daniel-marschall /trunk/ New class: OIDplusRAAuthInfo  
457 2020-10-27 15:32:00 daniel-marschall /trunk/ Various smaller security tweaks  
456 2020-10-27 01:23:03 daniel-marschall /trunk/ Security: Admin passwords can now be BCrypt instead of SHA3-512
Security: BCrypt is now the default auth method for newly created RAs
 
454 2020-10-26 17:17:01 daniel-marschall /trunk/  
453 2020-10-26 14:21:59 daniel-marschall /trunk/ Security: Auth-Plugins now also generate hashes.
Security: New setting to select default RA hashing algorithm.
Security: New auth plugin A3 "BCrypt".
 
427 2020-10-03 19:08:44 daniel-marschall /trunk/  
424 2020-10-02 22:22:14 daniel-marschall /trunk/ New security feature: CSRF Tokens.
ATTENTION TO PLUGIN DEVELOPERS: You need to add "csrf_token:csrf_token" to your JavaScript's AJAX request fields!
 
421 2020-09-30 11:30:14 daniel-marschall /trunk/ Newly generated administrator passwords are now salted (equally to the "A2" auth plugin), to avoid that equal passwords generate equal password strings in the configuration file  
392 2020-09-15 19:59:14 daniel-marschall /trunk/ Removed md5() and sha1() from security-relevant areas [although the security impact was VERY small]  
360 2020-08-23 00:28:31 daniel-marschall /trunk/ LARGE UPDATE: Made everything multilingual; Translation to German!  
329 2020-06-11 23:05:09 daniel-marschall /trunk/ NEW: "Automated AJAX calls" plugin to execute privileged AJAX requests programmatically  
310 2020-05-18 16:37:59 daniel-marschall /trunk/ New plugin: File attachments  
294 2020-05-10 11:29:27 daniel-marschall /trunk/ New folder "userdata" which now contains all data specific to this OIDplus installation (configuration, resources, databases, log files etc.)  
