Blog

DaDaBIK 6.2 is out, security alert and fixes

Posted by Eugenio on 24 Jun 2014

Dear all,
DaDaBIK 6.2 is out, and the main reason for its release is a bug related to WordPress authentication which represents a security issue. You can find all the details, together with the list of the other bugs fixed and changes, in the change log.

If you want to upgrade to DaDaBIK 6.2 you DON'T have to write to payments at dadabik dot org anymore; there is now a specific upgrade page.

DaDaBIK 6.1 is out, security and other bug fixes, some UX improvements

Posted by Eugenio on 2 Jun 2014

Dear all,
the release of DaDaBIK 6 was a success, thanks a lot for your reaction and for your valuable feedback!

In particular I would like to say thank you to user Philipp, who provided very helpful insights.

DaDaBIK now provides a professional set of features, and custom PHP pages, introduced with DaDaBIK 6, allow you to adapt and customize a DaDaBIK application to an extremely vast number of use cases.

I am currently using DaDaBIK myself for a quite big and complex project, exploiting it as much as possible to build most of the application without coding and using custom PHP pages whenever I need very specific features. I am realizing more every day that it is time to focus for a while on usability and user experience, especially on the admin side.

This version fixes several bugs, including a security bug about quick search listboxes showing values they shouldn't (all the details here).

DaDaBIK 6.1 also introduces some improvements on the UX side; here are a couple of them:

  1. Setting permissions is now much faster (you can save the permission settings related to all the fields in a table with one click)

  2. You now have a $treat_blank_as_null option which allows you to:

    • Treat empty form fields as NULL values during insert and update

    • View NULL values as empty form fields during edit

    This new approach, according to the feedback we have received, should make the use of a DaDaBIK application much more friendly to non-technical users.

As usual you can find the complete list of fixes and changes here and, if you are in your free upgrade period, you can get a copy by writing to payments@dadabik.org

DaDaBIK 6 is here with big news

Posted by Eugenio on 25 Mar 2014

Dear all,
it has been a long wait but DaDaBIK 6 is finally here.

It is an important major release so let me say a couple of words about the history of this software and about the direction I want to take.

I conceived the very first DaDaBIK prototype a long time ago; it was 1999 or 2000, I can't even remember exactly. The name of the tool was not DaDaBIK but the idea behind it was the same; believe it or not, it was written in ASP :)

At that time I remember I had to write more or less the same DB front-end twice. I was frustrated about that, so I realized I needed a tool to automate the whole development process. The first attempt was probably a very buggy piece of software :)

A few months later I met the PHP community and I decided to rewrite everything from scratch - this time in PHP - and that's how the real DaDaBIK was born.

Of course I couldn't imagine that it would become popular and eventually become a real product that after 14 years and tons of improvements is still here.

I often referred to DaDaBIK as a DB front-end generator but this definition is now too limiting, especially considering the new DaDaBIK 6. DaDaBIK is now a real Rapid Application Development tool for web app development.

DaDaBIK 6 comes with several new features: some of you will be happy to hear that I have finally kept my promise with the community and I have reintroduced the select multiple field type (both multiple listbox and checkboxes), others will be glad that DaDaBIK has now an improved engine that can easily handle millions of records and can be even 70% faster or that, finally, it provides a real modern date picker. But DaDaBIK 6 (Enterprise) also comes with another crucial feature, currently provided as experimental: YOU CAN NOW CREATE CUSTOM PAGES and attach to them COMPLETELY CUSTOM PHP code.

Applications created with DaDaBIK are now limitless: you can use the ready-to-go DaDaBIK features to create some sections of your application without any coding and then for the more specific and complicated features you can use your own custom code.

The good news is that you can still build a simple web app/front-end for your DB in a few minutes, even if you are not a programmer :)

As usual you can find the complete list of the new features here, together with the list of the general and security bugs fixed.

In order to promote the adoption of DaDaBIK 6 Enterprise, for just 10 days (until April 4th) IT WILL BE ON SALE AT €95 instead of €160.

As usual, even if it is a major release, if you are in your free upgrade timeframe you can get your DaDaBIK 6 copy (Basic, Pro or Enterprise) for free by writing to payments at dadabik org and attaching your invoice.

Some customers also asked about a maintenance license and it has been introduced for DaDaBIK Enterprise: if you purchased DaDaBIK Enterprise more than one year ago (so you are out of your free upgrade timeframe), you can still get the new DaDaBIK 6 paying a €65 maintenance fee, which will give you an additional year of free upgrades. Of course there's no obligation to keep paying the yearly fee during the following years.

That's all, I hope you will enjoy DaDaBIK 6; your feedback, as usual, is very welcome!

OT: let me also spend a couple of OT words about another project I am involved in: if you love music or even if you are just curious, have a look at Mentor.FM. It's a project I have been working on for a few years and it's now officially available in 200+ countries in partnership with Deezer. It's a personalized music radio/curator and I would love to have your feedback on it as well :)

Enjoy!

Eugenio

DaDaBIK 5.1.2 is out: Security and other bug fixes

Posted by Eugenio on 23 Jul 2013

Dear all,
a new release, DaDaBIK 5.1.2, is out. It is the 57th version since I started to work on this software and probably the last 5.x one.

DaDaBIK 5.1.2 is mainly a maintenance release which fixes a security problem and other bugs. A new known bug has also been added to the documentation and will be fixed with DaDaBIK 6 because it requires core changes that we are going to apply anyway in DaDaBIK 6.

All the details, including the description of the security issue fixed, in the change log.

Thanks a lot to all the customers for their very valuable feedback.

Cheers,

Eugenio

Security Alert, DaDaBIK 5.1.1 is out, please upgrade

Posted by Eugenio on 20 Mar 2013

Dear DaDaBIK users,
we have found a security hole and DaDaBIK 5.1.1 has been published to fix it.

If two DaDaBIK applications were installed under the same domain (e.g. http://mysite.com/dadabik_one/ and http://mysite.com/dadabik_two/) and another page X set a PHPSESSID cookie valid in the whole domain (i.e. having path / ), a user who visited X and logged into one of the DaDaBIK applications could access the other DaDaBIK application without logging in. X could be, for example, a normal PHP page having a session_start() statement.

While this bug is related to a known bug, already documented:
"Malicious users could use PHP scripts for setting session variables to particular values in order to bypass the login procedure and get unauthorized access to DaDaBIK. These scripts must be hosted on the same domain where the DaDaBIK target installation is hosted." the fact that it may occur even without the presence of a malicious script made it even worse.

A new parameter ($secret_key) is now available and required in config.php; its value, which must be secret and different for each DaDaBIK application you create, fixes this known bug, including the case explained above.

The WordPress plugin has also been upgraded and requires you to set a $secret_key variable as well (see installation instructions for details).
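
The following is an added example, not DaDaBIK's own code: it models a session shared by two applications and shows why a login flag alone is accepted by both, while a login record tagged with a per-application secret is accepted only by the application that wrote it. The page does not describe how DaDaBIK uses $secret_key internally, so the HMAC binding, the function names, the session keys and the sample secrets are all assumptions.

```php
<?php
// Added illustration, not DaDaBIK code. Function names, session keys and
// secrets are hypothetical; $session stands in for a $_SESSION shared by
// both applications because the PHPSESSID cookie has path "/".

// Vulnerable pattern: a bare flag that any script sharing the session honours.
function is_logged_in_naive(array $session): bool
{
    return isset($session['logged_user']);
}

// Slot name derived from the application's secret, so two applications
// never read or overwrite each other's login record.
function auth_slot(string $secret_key): string
{
    return 'auth_' . hash_hmac('sha256', 'slot', $secret_key);
}

// Hardened login: store the user with an HMAC tag bound to the session id.
function login_bound(array &$session, string $sid, string $user, string $secret_key): void
{
    $session[auth_slot($secret_key)] = [
        'user' => $user,
        'tag'  => hash_hmac('sha256', $sid . '|' . $user, $secret_key),
    ];
}

// Hardened check: recompute the tag; a record written without this
// application's secret, or a malformed one, fails verification.
function is_logged_in_bound(array $session, string $sid, string $secret_key): bool
{
    $rec = $session[auth_slot($secret_key)] ?? null;
    if (!is_array($rec) || !is_string($rec['user'] ?? null) || !is_string($rec['tag'] ?? null)) {
        return false;
    }
    $expected = hash_hmac('sha256', $sid . '|' . $rec['user'], $secret_key);
    return hash_equals($expected, $rec['tag']);
}

// Constructed scenario: one session shared by dadabik_one and dadabik_two.
$sid = 'constructed-session-id';
$key_one = 'constructed-secret-one';
$key_two = 'constructed-secret-two';
$session = ['logged_user' => 'alice'];           // naive login done by dadabik_one
login_bound($session, $sid, 'alice', $key_one);  // bound login done by dadabik_one

var_dump(is_logged_in_naive($session));                  // check as run by dadabik_two
var_dump(is_logged_in_bound($session, $sid, $key_one));  // check as run by dadabik_one
var_dump(is_logged_in_bound($session, $sid, $key_two));  // check as run by dadabik_two
```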

DaDaBIK 5 PRO and ENTERPRISE users can request DaDaBIK 5.1.1 for free by writing to payments at dadabik dot org; DaDaBIK 5 Basic users who have purchased DaDaBIK in the last two months are eligible to do the same.

All the other users, even if they are no longer eligible for a free upgrade, can apply the security patch manually by following these instructions. Please note that the instructions cannot be used for DaDaBIK 5 PRO and ENTERPRISE.
