Notice: CMSB v2.08 Released (Security Enhancements)
1 posts by 1 authors in: Forums > CMS Builder
Last Post: April 20, 2011 (RSS)
By Chris - April 20, 2011 - edited: April 29, 2011
We've just released CMS Builder v2.08!
The major new feature is Password Encryption: simply put, if someone gains access to your database, they won't be able to get your users' passwords.
Password Encryption will be enabled by default for new CMS Builder installations, but if you're upgrading you can enable it here: Admin > General Settings > Advanced Settings > Encrypt Passwords.
Please note: it's not possible to decrypt passwords or undo this feature; if you have custom code which relies on being able to read user account passwords from your database, you won't be able to use this feature (but you can still upgrade.) Make sure to back up your database before enabling this feature and test any login-related code immediately after.
Also note: Website Membership does not currently work with Password Encryption. If you are using Website Membership, do not enable Password Encryption just yet; we're working on a new version of Website Membership which will be available as soon as possible.
There's also a new "Require HTTPS" option which can be used to make your site even more secure. When enabled, users will not be able to login via http:// and will be redirected to https://
There a few other changes, including "Admin Only" and "Editor Only" fields, and lots of other small improvements and bug fixes.
For a full list of changes, please visit the CMS Builder changelog:
http://www.interactivetools.com/tour/changelog.php
CMS Builder users can upgrade by donation at this page:
http://www.interactivetools.com/upgrade/
Please feel free to post your feedback and questions! We're always eager to get your feature requests and bug reports, every single release is full of user requested fixes and features. Post in the forum or email Dave at dave@interactivetools.com.
Thanks!
The major new feature is Password Encryption: simply put, if someone gains access to your database, they won't be able to get your users' passwords.
Password Encryption will be enabled by default for new CMS Builder installations, but if you're upgrading you can enable it here: Admin > General Settings > Advanced Settings > Encrypt Passwords.
Please note: it's not possible to decrypt passwords or undo this feature; if you have custom code which relies on being able to read user account passwords from your database, you won't be able to use this feature (but you can still upgrade.) Make sure to back up your database before enabling this feature and test any login-related code immediately after.
Also note: Website Membership does not currently work with Password Encryption. If you are using Website Membership, do not enable Password Encryption just yet; we're working on a new version of Website Membership which will be available as soon as possible.
There's also a new "Require HTTPS" option which can be used to make your site even more secure. When enabled, users will not be able to login via http:// and will be redirected to https://
There a few other changes, including "Admin Only" and "Editor Only" fields, and lots of other small improvements and bug fixes.
For a full list of changes, please visit the CMS Builder changelog:
http://www.interactivetools.com/tour/changelog.php
CMS Builder users can upgrade by donation at this page:
http://www.interactivetools.com/upgrade/
Please feel free to post your feedback and questions! We're always eager to get your feature requests and bug reports, every single release is full of user requested fixes and features. Post in the forum or email Dave at dave@interactivetools.com.
Thanks!
All the best,
Chris
Chris