MABrown

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 21 total)
    in reply to: AD Sync Deleted Connections! #6366

    MABrown
    Participant

    Solved – sort of. Using the Admin console on the server, I was able to undelete the legacy account, which restored all of the connections as well. It would still be nice to be able to update the ownership of connections. I am hesitant to export the connections, allow them to be deleted by the sync, and then reimport them using the new account. If that breaks the forms that use those connections, it could be a real headache.

    in reply to: Associate existing users during sync #6365

    MABrown
    Participant

    What we are trying to avoid is a scenario where every time we synchronize, we have to locate and un-check a bunch of accounts to avoid having them deleted. It would be much better if we could set up the synchronization once and be able to run it without a lot of user interference (since otherwise it will never get done).

    in reply to: Problems with SQL Server 2008? #5775

    MABrown
    Participant

    Success! That worked; thank you very much!

    in reply to: Clone a production database for development purposes #5734

    MABrown
    Participant

    Perhaps I didn’t make myself clear. We have three licensed installations of PerfectForms, that is to say, we have purchased a production license, as well as two non-production licenses. In no way am I referring to an unauthorized copy.

    What I want to know is if there is a way to migrate everything from one licensed and paid-for environment to another licensed and paid-for environment, short of migrating each connection, report, and form design, and then recreating each form instance by hand.

    in reply to: Web Service Connection #5612

    MABrown
    Participant

    I have implemented a workaround by hosting a copy of the WSDL file on a local web server, but it doesn’t fully solve the issue.

    The Web Service provider for my connection requires the SOAP request contain the “Authorization” header. For testing, the connection works when I disable this requirement; however, that is not a practical long-term solution. Is there a way to edit the values in the Authentication header to pass a logon and password?

    in reply to: Web Service Connection #5611

    MABrown
    Participant

    Since I cannot load the WSDL, I cannot create a connection in the first place. Is there a way to create a web service connection that does not use WSDL files?

    in reply to: Refresh Captcha Image #5400

    MABrown
    Participant

    Never mind, I just figured it out. The user can regenerate the image by clicking on it.

    in reply to: Valid e-mail address request #5399

    MABrown
    Participant

    You could always force the user to enter the email address without the domain. Add a text field followed by a label that reads “@yahoo.com”.

    Using brackets to represent the field, it would look something like:

    [(yourname)]@yahoo.com

    in reply to: Date Difference Function Error #5283

    MABrown
    Participant

    I have identified another day that is incorrectly calculating – July 3rd, 2010. For some reason, these errors seem to only occur when the start date is in the previous month.

    in reply to: Date Difference Function Error #5282

    MABrown
    Participant

    I have identified another issue with the date difference function for weekdays, this time in version 1.16. If a date range ends on January 3rd, 2011, it will calculate an extra day.

    For instance, the date difference for weekdays between Friday, December 31 and Monday, January 3rd is two, when it should be one.

    If the range is extended to January 4th, the difference remains at two. I used the test form I created for the original issue to test this issue.

    (note, I corrected the date, which is 2011)

    in reply to: Access SQL Server using Active Directory account #4978

    MABrown
    Participant

    Does that mean the PerfectForms Agent does not support Windows Authentication (AD Accounts) for accessing SQL Server?

    From what research I have done, it looks like PF Agent uses the jTDS JDBC driver to connect to SQL Server, and the documentation shows that jTDS does support Windows Authentication. I believe that it is necessary to populate a “Domain” parameter in the connection string (in addition to the username and password), but my knowledge and expertise are limited in this regard.

    Can you provide any details about how PF Agent connects to SQL Server that might help me better understand the process?

    in reply to: numeric field in table will not preserve changes #4869

    MABrown
    Participant

    I thought it might be a behavior, but I cannot find anywhere that field should be changed at the time the problem is occurring. Also, the fact that the problem is intermittent makes me question if it is caused by a behavior. I would expect that a problem caused by a behavior running at the wrong time would at least run consistently at the wrong time, but this issue does not have any consistency.

    I have tried running in debug mode, but it is very slow so it will take a while to complete meaningful testing in this manner.

    We are running version 1.14.

    in reply to: Tomcat on 64-Bit only? #4756

    MABrown
    Participant

    Another question on the topic of installing the Connection Agent. The Documentation calls for JDK, but the installation only works with the Java JRE. Is the documentation wrong?

    in reply to: Security problem in notification links #4721

    MABrown
    Participant

    I believe I now understand why the system sets roles based on notification URLs. Since unlicensed users can only be assigned a role based on an email address, and given that when a user opens the form the SSO module only returns the domain name, there is no way to correlate an unlicensed user to the email address assigned to the role. Instead, the role is tied to the URL in the notification.

    That is fine for unlicensed users; my behavior will send that username to LDAP and return the user’s email address, which I can then compare to the email address of the current role. The problem is when the notification is intended for a licensed user, where the URL is linked to the user information as well as the role.

    In our particular case, removing the World permissions is not a possibility. We need to allow both licensed and unlicensed users to access the form. We also cannot limit the system to “Domain Authentication Only” because we intend to deploy forms to users outside of the domain eventually as well.

    The idea of removing the role association from the notification and adjusting permissions based solely on the domain username is a possibility, but it will take a lot of work and is impractical, given the number of permissions in this particular form.

    Is there any way to disassociate the licensed user information from the link? I could also solve this problem if I can somehow determine if the SSO gateway was used. I tried to populate a field with the form URL to search against, but it always comes back as the non-SSO URL. (Perhaps you can also lend some insight as to why that is happening.)

    Finally, is there any way to change the role after the instance has been opened? (Something like: If {condition is met}, role = {new Role}, else, role = “Unspecified”)

    I am currently looking into the possibility of sending a test form over.

    in reply to: Security problem in notification links #4714

    MABrown
    Participant

    You said, “If the forms are accessed via the SSO gateway, then this (User – domain username) field will only populate if a Perfectforms user is accessing the form…”

    However, this does not match my test results. If an unlicensed user is accessing a form instance (from a notification) via the SSO gateway, it is possible for a field set at form-open by the “User – Domain username” property to be populated, as could any field populated by one of the “User” properties, with the information of the intended recipient of the notification.

    Furthermore, when following such a link the form role is always determined by the intended recipient of the notification, thus granting any user following that link the rights of that role. I know this because I am using the special-fields properties you describe in my added security.

    Here is how it works so far; in the “Form is opened” behavior, the form attempts to set three fields:

    Current Role – populated by “Form – Role” property

    Licensed Username – populated by “User – Domain username” property

    Unlicensed Username – populated by “Gateway – HTTP USER” property

    When a form instance is opened through a normal link or the dashboard, it behaves as you described. The role is determined by the user. If the user does not have permission, the role is “Unspecified”. Also, only one of the username fields is populated, depending on whether or not the user has a PerfectForms account. If a user attempts to bypass SSO, neither field is populated. This makes for an easy check.

    When a form instance is opened through a notification link, the “Current Role” field matches the role set when setting up the notification, regardless of who clicks the link – even if the instance is opened bypassing SSO. In the event the intended recipient of the notification is a licensed user, then the Licensed Username field is populated with their username, and can be opened by any unlicensed user (or anonymously).

    As a result, my security behavior cannot reliably check against the Current Role or Licensed Username fields, in the event the form is opened from a notification link. Also, I cannot set up the behavior to determine if the form was opened from a notification, so I am at an impasse. No matter how I configure my security, there is always a way around it.

    With respect to the comparison to username/passwords, most people keep that information in their memory, as opposed to an email generated by a system that is not under their control, so I do not believe the comparison is fair. With respect to how a notification could become available to the wrong user, it could be as easy as forwarding a message to another user, but regardless of how it could be done, I would feel much more comfortable with the system if I didn’t need to worry about it at all.
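
The post above describes a notification link that carries its role with it, so anyone who opens the link receives that role. The following is an added example, not part of the original post and not PerfectForms code: it contrasts that link-only decision with one that also requires the authenticated user to be the intended recipient. The token layout, signing key, function names and sample values are all hypothetical.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: key held only by the server

def _sign(instance_id, role, recipient):
    msg = f"{instance_id}|{role}|{recipient}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_link_token(instance_id, role, recipient):
    """Hypothetical notification token naming the instance, role and recipient."""
    sig = _sign(instance_id, role, recipient)
    return "|".join([instance_id, role, recipient, sig])

def role_from_link_only(token):
    """Behaviour reported in the post: whoever holds the link gets its role."""
    return token.split("|")[1]

def role_bound_to_identity(token, authenticated_user):
    """Grant the link's role only to the authenticated intended recipient."""
    parts = token.split("|")
    if len(parts) != 4:
        return "Unspecified"
    instance_id, role, recipient, sig = parts
    expected = _sign(instance_id, role, recipient)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "Unspecified"          # link contents were altered
    if authenticated_user is None:
        return "Unspecified"          # SSO bypassed: no identity to compare
    if authenticated_user.lower() != recipient.lower():
        return "Unspecified"          # forwarded link opened by someone else
    return role

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    link = make_link_token("instance-1", "Approver", "jsmith")
    for who in ("jsmith", "forwarded.user", None):
        print(who, role_from_link_only(link), role_bound_to_identity(link, who))
```
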
