This content is now out of date.

How to disable “Login again” feature?

Dear YF Support Team!

For security reasons, we would like to disable the "Login again" feature:


After reading through the Wiki and having a closer look at the config menu, I was not able to find a respective config setting.

Could you please guide me to such a setting? It is quite important for us to disable this feature.

Thank you so much & kind regards,
Sebastian
Hi Sebastian

Hope all is well and you are ready for the weekend.


Have a few questions.

- When do you get this current login prompt? Once timed out or after choosing Logout then Logging in again?
- When you click on Login again does it log you in without prompting for a password?
- If it is asking for the password then what is the security issue you foresee?
- Do you not want to have the message show who was previously logged in?
- What is the version of the Yellowfin you are using?

Thank you
Mark

Hi Mark,
thank you for your feedback. Please see the answers to your questions below:

1) We are getting this login prompt when the user did not click on "Logout" and the session is timed out (after 30 minutes in our system).

2) Yes, when clicking on "Login again", Yellowfin logs me in WITHOUT prompting for a password.

3) There is no password prompt - that is our security concern.

4) The message which shows who was logged in before is no problem. The security issue is, according to us, the missing password prompt after clicking on "Login again".

5) We are using the latest YF 7.1 (build 20141029).

I hope there is a way to disable this "Login again" feature.

Thank you so much & kind regards,
Sebastian
Hi Sebastian

The Dev team has confirmed this is a bug.
A defect has been logged.
Looks like Danny let you know via email last night.

Thank you for finding the bug!
Mark
Hi Mark,
thank you for your post. But I think you mixed up two issues. ;-)

The email of Danny has confirmed the "Autocomplete=OFF" bug. The described issue above is a completely different issue regarding the "Login Again" security leak.

It would be great if you could have a second look at this and discuss this issue with Danny or the Devs again.

Thank you so much & kind regards,
Sebastian
Hi Sebastian

I was hoping you would confirm this.

My original question to AUS support was about the login not prompting for a password once timed out in YF.
The answer was given back to me via that question. I did notice the response was speaking about Chrome.

So we know a Dev fix was put in for the Chrome issue. I will treat this Forum question as still open.

Thanks for the confirmation.
Mark
Hi Sebastian

No luck with the testing here so I wanted to let you know I will be speaking with Dev in AUS about this security issue to see if there is an option to turn the password prompt on.
They are on holiday on Tuesday but will be back the following day.

Thank you
Mark
Hi Mark!

Thank you for your continued support! Looking forward to the result of your investigation.

Kind regards,
Sebastian
Hi Sebastian,

There is a way to disable the "Login again..." option. It requires running this SQL query against the Yellowfin database:

[code]-- Turn off the "Login again..." option for IpOrg 1
update Configuration set ConfigData = 'NO'
where IpOrg = 1
and ConfigTypeCode = 'SYSTEM'
and ConfigCode = 'LOGONCOOKIE';[/code]

Then you will need to restart Yellowfin to pick up the change.

If you want to re-enable the option, change the setting back to 'YES'.

Thanks,
Steve
Sebastian,

Just a cautionary footnote: be sure your database is backed up before attempting any back-end updates.

Kind Regards,

Danny
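
Steve's update and Danny's caution combined into one guarded change, as an added example that is not part of the original thread and not Yellowfin code. It assumes only the table, columns and key values quoted in Steve's post; the helper names and the in-memory SQLite table (including the `EXAMPLE_OTHER` row) are constructed stand-ins for the real Yellowfin database.

```python
import sqlite3

# Key columns and values are the ones quoted in the thread.
# Placeholder style is SQLite's "?"; other DB drivers may use a different one.
MATCH = "IpOrg = ? AND ConfigTypeCode = 'SYSTEM' AND ConfigCode = 'LOGONCOOKIE'"

def current_value(conn, ip_org=1):
    """Return the stored LOGONCOOKIE value, or None if the row is absent."""
    row = conn.execute(
        f"SELECT ConfigData FROM Configuration WHERE {MATCH}", (ip_org,)
    ).fetchone()
    return row[0] if row else None

def set_logon_cookie(conn, value, ip_org=1):
    """Hypothetical helper: set LOGONCOOKIE to 'YES'/'NO', return the old value.

    Refuses to write unless exactly one row matches, and rolls back on error.
    """
    if value not in ("YES", "NO"):
        raise ValueError("ConfigData must be 'YES' or 'NO'")
    cur = conn.cursor()
    rows = cur.execute(
        f"SELECT ConfigData FROM Configuration WHERE {MATCH}", (ip_org,)
    ).fetchall()
    if len(rows) != 1:
        raise LookupError(f"expected 1 LOGONCOOKIE row, found {len(rows)}")
    previous = rows[0][0]
    try:
        cur.execute(
            f"UPDATE Configuration SET ConfigData = ? WHERE {MATCH}",
            (value, ip_org),
        )
        if cur.rowcount != 1:
            raise RuntimeError(f"update touched {cur.rowcount} rows")
        conn.commit()
    except Exception:
        conn.rollback()  # leave the table exactly as it was
        raise
    return previous

def demo_db():
    """Constructed stand-in: only the four columns named in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Configuration "
                 "(IpOrg INTEGER, ConfigTypeCode TEXT, ConfigCode TEXT, ConfigData TEXT)")
    conn.executemany("INSERT INTO Configuration VALUES (?, ?, ?, ?)",
                     [(1, "SYSTEM", "LOGONCOOKIE", "YES"),
                      (1, "SYSTEM", "EXAMPLE_OTHER", "YES")])  # constructed rows
    conn.commit()
    return conn

if __name__ == "__main__":
    db = demo_db()
    print("previous:", set_logon_cookie(db, "NO"), "now:", current_value(db))
```

The returned previous value is what to restore if the change has to be reverted, and as Steve notes, Yellowfin must be restarted before either setting takes effect.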
Hi Steve!

Thank you for the SQL. This was exactly what I was looking for. I applied it and the "Login Again" possibility disappeared - Great!

Thank you again & kind regards,
Sebastian
Thank you for your patience Sebastian.

And thank you Steve for the answer to this question!

Mark
Has this bug been fixed? If yes, which version of the Jar file should we use in our application?
Thank you for checking in

I will see if the fix has been completed.

Mark
Hi Sebastian

Looks like the fix was completed in time for the latest build from 20141128.

Any issues with it let us know.

Thank you
Mark