========================================================================
WebSentinel Version History
(c) 2000 Purity Software, Inc.
http://www.purity.com/
========================================================================

What's New in v2.1.2?
---------------------

WebSentinel v2.1.2 addresses a situation where protected realms were not properly being identified as a secure area with certain, specific URLs. Realm processing was changed to always decode the URL before checking against the match string. For example, "/%21helloworld%21/" is decoded to "/!helloworld!/" before any checks are done, so the match string should be "/!helloworld!/"; if you currently use encoded characters in match strings you will need to update any realms to use the normal characters instead.

A few small bugs were also addressed in this release.

Domain-wide cookies - A new feature was added in WebSentinel v2.1.2 to allow multiple servers in the same domain to be accessed by a user without having to reauthenticate. This feature only applies when using form-based authentication. For example, if the hostname of the web server is "www.domain.com", then the user will also have access to "www2.domain.com" without having to re-login. This assumes that the user has an account under both host names with the same username and password. In the WebSentinel Admin preferences dialog there is a new checkbox for "set cookie across multiple machines" to enable this setting. There is also a new script in the Extras folder of this distribution to enable/disable this setting via a web form. See the Set Cookie Domain folder for more information.

For a complete list of changes, please see the WebSentinel Change History file included with the distribution.
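
The decode-before-match change described above, sketched as an added example (not WebSentinel's own code). It assumes realms match by plain substring; the realm table and function names are constructed for illustration, and the last two helpers find and correct match strings that still contain encoded characters.

```python
from urllib.parse import unquote

# Constructed realm table: realm name -> match string.
# Plain substring matching is an assumption made for this example.
REALMS = {
    "members": "/!helloworld!/",
    "legacy": "/%21reports%21/",  # encoded match string that needs updating
}


def match_raw(path, realms=REALMS):
    """Compare the undecoded request path against each match string."""
    return [name for name, pattern in realms.items() if pattern in path]


def match_decoded(path, realms=REALMS):
    """Decode percent-escapes once, then compare (the v2.1.2 rule)."""
    decoded = unquote(path)
    return [name for name, pattern in realms.items() if pattern in decoded]


def stale_match_strings(realms=REALMS):
    """Realms whose match string still holds escapes, so it can never match
    a decoded path. Returns realm name -> corrected match string."""
    return {n: unquote(p) for n, p in realms.items() if unquote(p) != p}


def migrate(realms=REALMS):
    """Return a copy of the realm table with every match string decoded."""
    return {n: unquote(p) for n, p in realms.items()}


if __name__ == "__main__":
    # Constructed request paths: encoded and plain spellings of the same URL.
    for path in ("/%21helloworld%21/index.html", "/!helloworld!/index.html"):
        print(path, "raw:", match_raw(path), "decoded:", match_decoded(path))
    print("needs updating:", stale_match_strings())
```
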
Change History
--------------

v2.1.2 Released: May 24, 2000
- realm list updates grep when realm changes
- set cookie across multiple machines checkbox in Admin prefs
- fixed ability to drag user icon onto group icon
- changed set-cookie header to always use path=/
- added special "sentinel_fullpost" param for web scripts to access full POST body
- fixed security hole by changing realm processing to always decode the URL before checking against the match string
- fixed times when user cache is cleared to make sure users are purged from cache when permissions change
- fixed Admin Prefs that showed "set cookie across multiple machines" to be checked even though it isn't (for first time use only)
- fixed missing dot in domain param in set-cookie header (use .domain.com instead of domain.com)

v2.1.2b7 Released: May 15, 2000
- setting cookies for *.domain.com now works
- improved error and exception handling so that better errors will be logged, and better understanding of W*API error codes
- included AppleScript example "Domain Cookie Script" that serves two purposes:
  1) it allows setting of whether to set the cookie for web-based login forms across multiple machines
  2) another example of how extending the web-based admin works (see the read me for details)
- other misc fixes

v2.1.2b6 Released: May 11, 2000
- should use domain.com instead of www.domain.com when setting cookies
- outputs more debug messages to web server status window that may help in tracking down why web-based admin and scripts don't work with ASIP

v2.1.2b5 Released: April 25, 2000
- special release -- adds the domain to the Set-cookie header, i.e. domain=purity.com. It looks at the Host header and takes the domain out of that. (if the server address is bob.fred.purity.com for example it will use purity.com, etc)

v2.1.2b4 Released: April 3, 2000
- fixed crashing problem related to memory bug (when memory was low) when using the scripting interface.
- fixed big memory leak when using the scripting interface.

v2.1.2b3 Released: April 7, 2000
- added support to WebSentinel API for connecting to remote machine
- updated FM Data Target to use remote machine preference

v2.1.2b2 Released: Feb 18, 2000
- fixes a bug parsing the cookie headers that caused the login form to break if the sentinel_user cookie was not the first cookie defined

v2.1.2b1 Released: Jan 10, 2000
- increases the buffer for URLs to 5K

v2.1.1 Released: January 5, 2000
- Fixed crashes and memory leaks in Verona Data Target.
- Updated redirect realm icon in WebSentinel Admin to have arrow.
- Fixed bug that caused WebSentinel Admin to only display 3750 users.
- Fixed broken export/import of some user fields in WebSentinel Format.
- Fixed bug in web-based admin that prevented realm redirect URL from being displayed.
- Fixed bug that prevented workstations from being removed from cache via web server status window.
- Fixed bugs and potential memory leaks in user/workstation authorization code for built-in data target.
- Fixed problem where realm names in popup menu in web server status window would have command keys if realm names contained "/" characters.
- Fixed broken GREP checkbox in web-based admin.
- Fixed broken expiration options for users in web-based admin.
- Added check in web-based admin to prevent users/workstations being created with duplicate names.
- Fixed some memory leaks in the web-based admin script compilation/cache.
- Fixed message when error occurred during workstation authorization to correctly show client IP address instead of empty string.
- Fixed bug that may have caused problems when removing realm settings.
- Worked around crash with WebSTAR 4.1's automatic NetCraft registration (may be WebSTAR bug).
- Fixed security hole in hostname checking when IP address was specified in realm match string.
- Fixed crash when deleting items in WebSentinel Admin if Apple guide wasn't installed.
- Fixed crash when cancelling connection window in WebSentinel Admin if Apple guide wasn't installed.
- Fixed several leaks in WebSentinel Admin.
- Removed special /about.sentinel URL.
- Removed unnecessary "GetGroup" output in WebSTAR message window when using WebSentinel Admin.
- Fixed big memory leak in web-based interface.
- Made WebSentinel Plug-in redirect to web-based admin if /admin.sentinel is attempted.
- Improved redirects to use Host header if available (otherwise uses VDM parameter, which may be an IP address for unconfigured servers).
- Increased thread stack space for web admin to fix error when saving users.
- Switched web-based admin URL to /pi_admin.sentinel instead of /admin.sentinel.
- Sped up WebSentinel Format imports in Admin by not combining duplicate users for that format.
- Updated HTML documentation to format better in Apple Help.