| *** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:52 | |
| *** immotus_ (~immotus@rrcs-24-153-193-34.sw.biz.rr.com) has joined #wikid | 17:13 | |
| immotus_ | I need to modify an old version of WiKID for PCI compliance (password form on login page does not have the "autocomplete='off'" attribute). I believe i've found the file to change (/opt/WiKID/tomcat/work/Catalina/localhost/WiKIDAdmin/org/apache/jsp/protected_/login_jsp.java).. but restartin the WiKID service doesn't pick up the change | 17:16 |
|---|---|---|
| nowen | immotus_: what version are you running? | 17:17 |
| immotus_ | nowen: don't laugh.. it's wikid-server-enterprise-3.4.1.b3314-1 | 17:17 |
| immotus_ | and no, we're not ready to upgrade yet | 17:17 |
| immotus_ | :^) | 17:17 |
| nowen | is your license up to date? | 17:17 |
| immotus_ | I believe it is | 17:18 |
| nowen | what company are you with? | 17:18 |
| immotus_ | I'm not sure how to verify, though | 17:18 |
| nowen | it could be cached in /opt/WiKID/tomcat/work. stop wikid, delete that dir and see | 17:20 |
| nowen | here's the changelog, btw | 17:21 |
| nowen | http://www.wikidsystems.com/downloads/changelogs/enterprise-changelog | 17:21 |
| immotus_ | nowen: is the "work" directory automatically recreated with tomcat starts? | 17:22 |
| nowen | yes | 17:22 |
| * immotus_ is trying it now | 17:24 | |
| immotus_ | no change :^| | 17:24 |
| immotus_ | am I not editing the correct file? | 17:25 |
| nowen | oh, yeah, | 17:25 |
| nowen | try /opt/WiKID/tomcat/webapps/WiKIDAdmin/protected/login.jsp | 17:26 |
| immotus_ | nowen: hey! it worked that time :^) | 17:27 |
| nowen | yay! | 17:27 |
| immotus_ | nowen: didn't even have to restart.. or escape any quote marks in the source file | 17:27 |
| immotus_ | will I have to make that modification on every restart? | 17:28 |
| nowen | no, but it might get overwritten in an upgrade | 17:28 |
| nowen | doesn't seem like a concern ;-) | 17:28 |
| nowen | but I'm surprised that version is passing pci | 17:28 |
| immotus_ | nowen: heh.. we do want to upgrade.. we ran into a major snag the last time we tried, though. | 17:28 |
| immotus_ | hopefully soon we'll try again | 17:28 |
| nowen | what? | 17:29 |
| immotus_ | I don't remember all of the details right now.. someone else was doing the upgrade | 17:29 |
| nowen | ok, | 17:29 |
| immotus_ | they used this chat room for help, though.. and I gave a quick stab at trying to figure it out with ya'll as well.. so it's probably in the IRC logs somewhere.. | 17:30 |
| immotus_ | a problem for another day, though :^) | 17:30 |
| immotus_ | nowen: thanks for helping me out with todays problem! :^) | 17:30 |
| nowen | np | 17:30 |
| *** tmg_ has quit (Remote host closed the connection) | 17:35 | |
| immotus_ | nowen: I checked the changelog you sent me a link to. I'm not sure if this particular PCI compliance issue is mentioned there.. unless it is "Enforce password complexity on WiKIDAdmin for PCI Compliance" It is such a minor thing, though, that it probably isn't worthy of being on that changelog :^) | 17:41 |
| nowen | I don't think the latest version has autocomplete='off' | 17:42 |
| nowen | We'll have to add it | 17:42 |
| immotus_ | nowen: I'm actually assuming that that will be enough to cover the PCI compliance scan.. the actual concern that was raised was "Autocomplete enabled for sensitive HTML form fields".. I don't know if "autocomplete=off" is sufficient, but I can't think of any other way... nevermind the browser can override it pretty easily :^) | 17:43 |
| nowen | true | 17:45 |
| nowen | I've never had the autocomplete come up before | 17:51 |
| immotus_ | nowen: neither had we.. this is the first PCI scan we've had that asked us to 'fix" it | 17:58 |
| immotus_ | nowen: These guys pointed it out to us.. http://www.alertlogic.com/ | 18:00 |
| nowen | hmm | 18:05 |
| estranger | nowen: Hey.. we're still having paypal issues. Can I just use the contact us form for that Stripe PO, or another address? | 19:27 |
| nowen | yes, just let me know the number of seats, proper email address | 19:27 |
| estranger | cool, just sent it in thanks | 19:29 |
| nowen | ok | 19:30 |
| nowen | send it to your email? | 19:30 |
| estranger | it's my bosses info, send it there, he's ready for it | 19:30 |
| nowen | ok | 19:30 |
| nowen | on it's way! | 19:37 |
| estranger | thanks! I'm sure he'll do it today or tomorrow | 19:38 |
| nowen | ok - gotta run. my wife had to go to a funeral and I'm doing double-duty the next couple of days. | 19:38 |
| estranger | ok, take care, gl | 19:38 |
| nowen | later | 19:38 |
| *** nowen has quit (Quit: Leaving.) | 19:38 | |
| *** immotus_ has quit (Quit: Konversation terminated!) | 22:34 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!