WebSentinel v2.1.2 Release Notes

======================================================================== 
WebSentinel Version History

(c) 2000 Purity Software, Inc.                    http://www.purity.com/
======================================================================== 
  
What's New in v2.1.2?
---------------------
WebSentinel v2.1.2 addresses a situation where protected realms were not 
properly being identified as a secure area with certain, specific URLs. 
Realm processing was changed to always decode the URL before checking 
against the match stringFor example, "/%21helloworld%21/" is decoded to 
"/!helloworld!/" before any checks are done, so the match string should 
be "/!helloworld!/"; if you currently use encoded characters in match 
strings you will need to update any realms to use the normal characters 
instead. A few small bugs were also addressed in this release. 

Domain-wide cookies - A new feature was added in WebSentinel v2.1.2 to 
allow multiple servers in the same domain to be accessed by a user 
without having to reauthenticate. This feature only applies when using 
form-based authentication. For example, if the hostname of the web 
server is "www.domain.com", then the user will also have access to 
"www2.domain.com" without having to re-login.  This assumes that the 
user has an account under both host names with the same username and 
password. In the WebSentinel Admin preferences dialog there is a new 
checkbox for "set cookie across multiple machines" to enable this 
setting. There is also a new script in the Extras folder of this 
distribution to enable/disable this setting via a web form. See the Set 
Cookie Domain folder for more information. 

For a complete list of changes, please see the WebSentinel Change 
History file included with the distribution.

Change History
--------------
v2.1.2 
Released: May 24, 2000

- realm list updates grep when realm changes
- set cookie across multiple machines checkbox in Admin prefs
- fixed ability to drag user icon onto group icon				
- changed set-cookie header to always use path=/
- added special "sentinel_fullpost" param for web scripts to access 
full POST body
- fixed security hole by changing realm processing to always decode 
the URL before checking against the match string 
- fixed times when user cache is cleared to make sure users are purged 
from cache when permissions change
- fixed Admin Prefs that showed "set cookie across multiple machines" 
to be checked even know it isn't (for first time use only)
- fixed missing dot in domain param in set-cookie header (use .domain.com 
instead of domain.com)

v2.1.2b7
Released: May 15, 2000

- setting cookies for *.domain.com now works
- improved error and exception handling so that better errors will be logged, 
and better understanding of W*API error codes
- included AppleScript example "Domain Cookie Script" that serves two purposes:
	1) it allows setting of whether to set the cookie for web-based login forms 
	across multiple machines
	2) another example of how extending the web-based admin works 
	(see the read me for details)
- other misc fixes

v2.1.2b6
Released: May 11, 2000

- should use domain.com instead of www.domain.com when setting cookies
- outputs more debug messages to web server status window that may help 
in tracking down why web-based admin and scripts don't work with ASIP

v2.1.2b5
Released: April 25, 2000

 - special release -- adds the domain to the Set-cookie header, 
 i.e. domain=purity.com. It looks at the Host header and takes the 
 domain out of that.  (if the server address is bob.fred.purity.com for 
 example it will use purity.com, etc)

v2.1.2b4
Released: April 3, 2000

 - fixed crashing problem related to memory bug (when memory was low) 
 when using the scripting interface.
 - fixed big memory leak when using the scripting interface.

v2.1.2b3
Released: April 7, 2000

 - added support to WebSentinel API for connecting to remote machine
 - updated FM Data Target to use remote machine preference

v2.1.2b2
Released: Feb 18, 2000

 - fixes a bug parsing the cookie headers that caused the login form to 
 break if the sentinel_user cookie was not the first cookie defined

v2.1.2b1
Released: Jan 10, 2000

 - increases the buffer for URLs to 5K


v2.1.1
Released: January 5, 2000

 - Fixed crashes and memory leaks in Verona Data Target.
 - Updated redirect realm icon in WebSentinel Admin to have arrow.
 - Fixed bug that caused WebSentinel Admin to only display 3750 users.
 - Fixed broken export/import of some user fields in WebSentinel Format.
 - Fixed bug in web-based admin that prevented realm redirect URL from 
   being displayed.
 - Fixed bug that prevented workstations from being removed from cache 
   via web server status window.
 - Fixed bugs and potential memory leaks in user/workstation authorization 
   code for built-in data target.
 - Fixed problem where realm names in popup menu in web server status 
   window would have command keys if realm names contained "/" characters.
 - Fixed broken GREP checkbox in web-based admin.
 - Fixed broken expiration options for users in web-based admin.
 - Added check in web-based admin to prevent users/workstations being 
   created with duplicate names.
 - Fixed some memory leaks in the web-based admin script compilation/cache.
 - Fixed message when error occured during workstation authorization to 
   correctly show client IP address instead of empty string.
 - Fixed bug that may have caused problems when removing realm settings.
 - Worked around crash with WebSTAR 4.1's automatic NetCraft registration 
   (may be WebSTAR bug).
 - Fixed security hole in hostname checking when IP address was specified 
   in realm match string.
 - Fixed crash when deleting items in WebSentinel Admin if Apple guide 
   wasn't installed.
 - Fixed crash when cancelling connection window in WebSentinel Admin 
   if Apple guide wasn't installed.
 - Fixed several leaks in WebSentinel Admin.
 - Removed special /about.sentinel URL.
 - Removed unnecessary "GetGroup" output in WebSTAR message window 
   when using WebSentinel Admin.
 - Fixed big memory leak in web-based interface.
 - Made WebSentinel Plug-in redirect to web-based admin if /admin.sentinel 
   is attempted.
 - Improved redirects to use Host header if available (otherwise uses 
   VDM parameter, which may be an IP address for unconfigured servers).
 - Increased thread stack space for web admin to fix error when saving users.
 - Switched web-based admin URL to /pi_admin.sentinel instead of /admin.sentinel.
 - Sped up WebSentinel Format imports in Admin by not combining duplicate 
   users for that format.
 - Updated HTML documentation to format better in Apple Help.