Security Tab send emails if....

[schmutly]

When the customer forgets their password there's no way to log in.
They see this-> https://prnt.sc/mlyGPGjtecSU
So i am not sure once we have the builds working what it says after that and whether
it gives them a way to reset it via email?
Is there a way that ESB would know their forgotten password and email that to them
as they would have put their email into the details page?
This actually happened to me as an ADMIN lol and I had to abandon the project because i just could not
remember the password i used. There's no way, I think at present, to recover it is there?
Or did I miss it somehow (or does it allow a reset once it's built? I honestly can't remember.)
Is this something we need to be concerned about?
Thanks, mate,
just going through the security side of things.
Robbie.

 

[TigerSoftware]

Is this a multi-user program or just an individual using it?

I assume 99% of programs created will be for individuals. I don't see why you need security on for those individuals. If someone has control over their computer than they are in serious trouble and our programs will be insignificant to what websites and accounts the hackers would have access too.

Thomas

 

[schmutly]

Sorry Thomas,
my understanding to "password" protect the software is so others can't see the data..if its that kind of program?

All i mean is
1. We enable the security addon for software we made so customers can protect their software data from someone else looking at it.
2. He gives it a password. All good so far. but he chose a long stupid one and didn't write it down, it will happen.
3. He opens the program and it asks for the password to use app. He can't remember it. It lets him try 3 times only
then the app closes.
4. He opens again and tries 3 more times and can't get back in.
5. He contacts me and says his program is not working because he chose a bad password and can't get back into it.

So my question is what can I do to help him?
The option to have data-protected software with security(password option only I guess I use it for) was a great addition and I love it.
But even if we test it in ESB right now, as is..and put in a password and we forget it there is at present no way to reset the password
if we, the creator, forget it. I tried in the model editor to see if I could clear it out. But i couldn't. I have to abandon having it password-protected as we have no way of resetting it, even before we have 'built' it. While still designing it.

If I made a financial budget type software I would want the "password" as an option for them to keep prying eyes out of
their financial data, ....that's all I was meaning. Isn't that a good thing? Even for an individual, I think it was a great idea when you added it.
Maybe we don't need the roles and users
and just allowing it to have the password-protected option is good.

I think this question was too deep. And the answer was for mutli-user...so no prob, i got that.
I realized that I cannot protect individual software then by using the security addon and only using the
password/login to program part of the security addon. This is all ok.
I just want to say, if I can please, is that If we inadvertently use it and change our ADMIN PASSWORD and in the
extremely rare case that we forgot what we used as the "admin" password...then at present from my understanding
we cannot get back into the project file at all. If we turn off the "security addon" we can...it will run without it but because
we have forgotten what password we changed our Admin to we are locked out if the addon is reenabled.
I completely apologize for the long-winded way of saying it but I guess that is all I was trying to get to.
And if you try it now (you'll have to pretend you forgot the password...) then in ESB, even for the developer, there's no way
we can reset it to blank unless there was a way in the model editor...failing that we can't use the project file

 

[schmutly]

OK..breath..here we go Had a think about simply how to word it.
I am referring to the ADMIN here...sorry, I should have said that.
Currently....as the admin creating a project file...I tick security addon. I will only use the password part of this addon as I don't want anyone else to run this app as it contains data that is sensitive and confidential. So I tick "reset the new password on restart" or whatever it's called (it's late here I can't remember the wording sorry.)
So project file restarts. I run it. The login dialog box appears. I type in Admin (already set) and password as $#RerGF34vvSAZDEswd
I chose that just to be fun. But someone might do a password that's clever but forget what it was (even in the repeat password box)
It happens. A lot. I can't remember 99% of my passwords which is why I use Roboform for 15 years. But RoboForm can't automatically ADD this password, at least I haven't worked it out.
Anyway...I go on holiday, say, for a few weeks and come back to it and for the life of me (or a customer) cannot remember what I changed it to.
I tried 50 passwords...no luck.
At present, there's no way to reset passwords (reset ADMIN password) except it would be good to be able to either have an automation script send an email that they used in the admin area(of security addon) with their password.

But....as it stands now my main concern simple is that as the Admin developer of the "project file" we are working on...at the moment there is no way to get back into a project file that has had security turned on and the Admin login password for the APP when it starts, if forgotten, won't open..understandably. Simple put or as the Internet loves using:
TL;DR
Once you forget the Admin Login Password you set to open your project file (or a created build app with security addon used) you are given 3 tries to open the app but then it closes and said talk to your Admin. I am the Admin and cannot get in to reset it myself lol.

PS: Thomas, please help me understand. No one is coming in and helping with bugs and testing. Today I wanted to test the Security Addon and I realized that I can't open an app from 2017 that had security on for the password only.
I know I'm an idiot mate but for the life of me, I couldn't remember that PW for it.

If the Security Addon is only for multiuser and i shouldn't be using it for passwording Apps with sensitive data then I apologize Thomas and I just didn't understand it properly. I'm trying my hardest. Spending as much time testing things out. Wish others would help just a little. off to bed now. Hope that was a little clearer Thomas. Just trying to understand it.

 

[TigerSoftware]

If there is only one individual person using the software, they don't need security. Their Windows login is their security.

Multiuser, many people using the same database, is different and a admin (who remembers their password) will have to change the user's password. You would also want to use the Roles features so a user couldn't access certain data.

Right now, these programs are single user programs and not multiuser.

Me being curious... what other non ESB programs do you have that require a login for sensitive data?

Thanks,


Thomas

 

[schmutly]

what other non ESB programs do you have that require a login for sensitive data?

None. Good point. I couldn't find any docs on this addon and was curious. In cashflow manager, you are warned in the docs, like any IT pro will agree as you said, that it's critical that Admin remembers their password...or they're not much good at their job.
I went down a rabbit hole and wasted time, better spent on other things.Sorry.

 

[TigerSoftware]

None. Good point. I couldn't find any docs on this addon and was curious. In cashflow manager, you are warned in the docs, like any IT pro will agree as you said, that it's critical that Admin remembers their password...or they're not much good at their job.
I went down a rabbit hole and wasted time, better spent on other things.Sorry.

The security addon was there in the beginning. I don't see much use out of it these days with the addition of the WebApi. I will be adding security features to the WebApi for multi-user support after this version is released. That way anyone can work from anywhere accessing the same online database. Unlike the current setup that has the database stored on the local computer.


Thomas