Jump to content

Stefan

Members
  • Content Count

    16
  • Joined

  • Last visited

Posts posted by Stefan


  1. I've found a tiny thing that bugs me a bit.

    On my installation I have set the "Activity grid" (recent activity listed under the password list) so only be visible for admins.

    When we get a new colleague, I always guide them to disable the charts on the right to free op estate on the screen.

    So the issue happens after a user unticks "Visible" in the Screen Settings. When they click save, the Activity grid becomes visible for that password list untill the next screen refresh.

    And this is even reproduceable by seleting "Visible" again and click save.

    Each time you click save after changing the visibility of the charts, the Activity grid is exposed for the current passwordlist.

     

    This is not a huge issue here. But this could potentially expose data that you don't want users to see. And worst of all, there's a high chance or me getting the "what's this" question.


  2. Alright. So this will get fixed.

    Now I have discovered another bug related to this.

    When running in compatibility view, the showing of any password containing the character "&" gets truncated.

    So the password: ThisIs&Password

    Will be listed as: ************** (unless you have changed settings to always display the same lengteh.

    But when clicked, it will show: ThisIs

    If I click the "Copy" button, the whole password gets copied. It is only an error in how it is displayed.

    And (aparently) only when using compatibility view.

    I am still running 5626, but this issue is not described in any of the newer updates.

    /Stefan


  3. I have just upgraded to Build 5626.

    Both before and after the upgrade, we are having issues in IE10.

    When using IE10, Passwordstate only shows in the top half of the browser.

    The master frame is using the whole window, but all contents and menus only use the top half.

    Attached is a screenshot of this behavior.

    This is the same on all IE10 I have tested on Windows 7.

    Fix plz.


  4. I am getting this warning: Audit Log Tamper Detection Please be aware tampering of the Auditing table in the database has been detected. To investigate what has occured, please click on the URL below. As I understand it, this indicates that the database itself has been modified. I know for a fact that the user in question has not made any such modifications. The audit log report states that my users has uploaded a document containing the danish letter " å " and that this letter has been modified to be " a° " I am guessing that some part of the system does not like the characters used. I have tried uploading a docuemtn the the characters æ, ø, and å with no issues. My users i most likely using a MAC (I will confirm this later). Are you aware of any such issues with Passwordstate or can you think of any process that would cause this alert to trigger? /Stefan

  5. We have noticed a "funny" little bug when using Chrome. If you have a long list of passwordlists, the "Action" menu will always be at the bottom. Clicking the action list would open a drop-down list. But when at the bottom it's a "drop-up". But using Chrome, it will drop down behind the Admin buttons. Only by minimizing these buttons will the action list behave as it should. I have also tested in FF and IE. This only happens in Chrome. Attached is a picture showing the action list dropped down behind the buttons (barely visible). This is in no way critical. Just a bit odd. /Stefan

  6. For various reasons it is not practical for me to enforce strong passwords. Out lists include customers passwords and their policies dictate wether they can use weak passwords or not. So I need to be able to enter "stupid" passwords like "qwerty" for printers and what not.

    So I have created a template which configures the password list settings. The template has the "Prevent saving of Password records if a 'Bad' password is detected" option UN-ticked.

    However.. When I create a new password list and select the template, the option remains ticked.

    If I "Edit password list details" and then select to copy from template. The option gets disabled. But not during creation.

    I am hoping you can confirm this to be an issue, and if it is the case, fix it.

    Writing this I am thinking that it might be an idea to an option to bypass "strong password requirements" on a single password. Say I have a list that enforces strong passwords (using policies and everything). But on this list I want to enter the pin-code for a SIM-card. Or the CVV2 code for a credit card. These are 3-4 digit codes that can never be complex.

    Most would just create a password list for one type of passwords.

    But the way we use it, is by creating one list pr. customer. So we get a very mixed content pr. list.

    This feature is just a thought. For me specifically I just disable the option all together.

    Feel free to move this to feature request if you want others input.

    Kind regards

    Stefan


  7. Re: Support for SSL Keys

    When you get a new certificate you usually get a .cer file or just a mail with text to copy/paste into your own .cer-file.

    This text would somethinge like this:

    
-----BEGIN CERTIFICATE-----
    
MIIDrTCCAxagAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnDEbMBkGA1UEChMSVGhl
    
IFNhbXBsZSBDb21wYW55MRQwEgYDVQQLEwtDQSBEaXZpc2lvbjEcMBoGCSqGSIb3
    
DQEJARYNY2FAc2FtcGxlLmNvbTETMBEGA1UEBxMKTWV0cm9wb2xpczERMA8GA1UE
    
CBMITmV3IFlvcmsxCzAJBgNVBAYTAlVTMRQwEgYDVQQDEwtUU0MgUm9vdCBDQTAe
    
Fw0wMTEyMDgwNDI3MDVaFw0wMjEyMDgwNDI3MDVaMIGcMRswGQYDVQQKExJUaGUg
    
U2FtcGxlIENvbXBhbnkxFDASBgNVBAsTC0NBIERpdmlzaW9uMRwwGgYJKoZIhvcN
    
AQkBFg1jYUBzYW1wbGUuY29tMRMwEQYDVQQHEwpNZXRyb3BvbGlzMREwDwYDVQQI
    
EwhOZXcgWW9yazELMAkGA1UEBhMCVVMxFDASBgNVBAMTC1RTQyBSb290IENBMIGf
    
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaiAwfKB6ZBtnTRTIo6ddomt0S9ec0
    
NcuvtJogt0s9dXpHowh98FCDjnLtCi8du6LDTZluhlOtTFARPlV/LVnpsbyMCXMs
    
G2qpdjJop+XIBdvoCz2HpGXjUmym8WLqt+coWwJqUSwiEba74JG93v7TU+Xcvc00
    
5MWnxmKZzD/R3QIDAQABo4H8MIH5MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG/v
    
yytrBtEquMX2dreysix/MlPMMIHJBgNVHSMEgcEwgb6AFG/vyytrBtEquMX2drey
    
six/MlPMoYGipIGfMIGcMRswGQYDVQQKExJUaGUgU2FtcGxlIENvbXBhbnkxFDAS
    
BgNVBAsTC0NBIERpdmlzaW9uMRwwGgYJKoZIhvcNAQkBFg1jYUBzYW1wbGUuY29t
    
MRMwEQYDVQQHEwpNZXRyb3BvbGlzMREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
    
BhMCVVMxFDASBgNVBAMTC1RTQyBSb290IENBggEAMA0GCSqGSIb3DQEBBAUAA4GB
    
ABclymJfsPOUazNQO8aIaxwVbXWS+8AFEkMMRx6O68ICAMubQBvs8Buz3ALXhqYe
    
FS5G13pW2ZnAlSdTkSTKkE5wGZ1RYSfyiEKXb+uOKhDN9LnajDzaMPkNDU2NDXDz
    
SqHk9ZiE1boQaMzjNLu+KabTLpmL9uXvFA/i+gdenFHv
    
-----END CERTIFICATE-----
    

    So saving this raw text as a "password" would be cool. The problem ebodor is describing is probably that the linebreaks and formatting is destroyed rendering the certificate useless/corrupted.

    Personally I would stick with uploading the file, which is no problem as it is just a regular txt-file.

    /Stefan


  8. So we have been testing out passwordstates for a while now and are almost ready to put it into production.

    Finetuning my setup, I have stumbled into a couple of annoyances.

    To heigthen security we have decided to put Passwordstate behind a Forefront TMG.

    This allows us to "slack" a bit on the security settings in password state, so our supportes at the office, can access password state using windows integrated login and with long idle timeouts. And the Techs in the field can access through the TMG form authentication. This gives us an extra layer of protection from the internet, and allows us to use features like Single Sign On to their webmail also.

    When logging out from any websessition the TMG looks for a specific URL so it knows when to terminate a session.

    That's great. I just enter "*/loggedoutforms.aspx" as the url and TMG terminates the session when I log out from Passwordstate.... In FireFox.

    In Chrome the url is instead "*/sessionloggedout.aspx".

    PLEASE change it so that whenever a user clicks "log out" or a session timeouts (anything that results in quitting passwordstate), it results in the same url independant of what browser is used.

    Also... Would be nice to be able to select different security settings for different networks. Say, I add 192.168.1.x and then I am able to select a higher session timeout and Passthrough authentication for clients from only that network.

    Think about it.

    /Stefan


  9. We are very close to purchasing Passwordstate for my workplace.

    After evaluating the product there is one feature I really could use.

    As it is now I can attach one document to one password. This document only shows as a tiny icon.

    What I would like is:

    1) To be able to add an attachment to the password list and not to only one specific password.

    E.g. I have a password list for "Customer 1". In that list I have added some windows passwords and firwall passwords. Then I would also like to add 3 documents showing the network layout where the different firewalls are located.

    2) To be able to add multiple attachments to one password and have these listed in a drop-down list.

    /Stefan

×
×
  • Create New...