6 posts by 4 authors in: Forums > CMS Builder
Last Post: August 14, 2018   (RSS)

Hi everyone, 

We've just released v3.14 beta 5 (beta list members will get an email shortly). 

The major new features are:

  • File Uploader: We've implemented a new HTML5 uploader for easier multi-file uploading. This replaces the old defunct Flash uploader.
  • Security: Added a new option under Admin > General > Security "Encrypt Database Connections" for using SSL with MySQL.
  • Security: Added a new option in Field Editor > Advanced Options > Data Encryption - Automatically encrypt data stored in database.
  • Security: /data/ folder can now be stored outside of the web root. See /data/how_to_move_data_folder.txt for details.
  • Backup & Restore: Restore operations are now incremental and reload the browser to avoid timeouts with large backups.

NOTE: Betas 1 through 4 were internal, this is the first public beta release of v3.14.

If you're not already on the beta tester email list and you'd like to get notified of upcoming betas you can sign up here: http://www.interactivetools.com/news/manage.php

And you can download the latest beta here:
https://www.interactivetools.com/order/download.php

Please post any feedback, questions, or bugs you find! Thanks! 

Thanks! :)

Daniel
PHP Programmer
interactivetools.com

Nice. Happy to see the flash uploaded finally get upgraded.

I think the ability to be able to specify a secure upload field would be great, so that the uploaded files are stored outside of the web root folder and only accessible via CMSB functions.

Is anything like this on the roadmap?

Paul.

By daniel - August 8, 2018 - edited: August 8, 2018

Hi all,

It would be cool to get a bit more explanation on the new security aspects.  Something a bit more end-user marketing focus that I can pass on to clients about what this actually means in laymen's terms.  Would that be possible?

  • The "Encrypt Database Connections" setting is helpful to keep information secure on sites with a remote database, i.e.: when the database is on a different server than the website. When turned on, this setting requires the website and database to transmit all information securely and is analogous to accessing a website through HTTPS rather than HTTP. This does require the remote database be set up to accept secure connections.
  • The Data Encryption option can be used to specify specific fields in the CMS to be encrypted in the database, meaning that the contents of the field can only be accessed through CMSB functions. This is helpful if the database is being used to store any confidential or personal information so that if someone were to gain illegitimate access to the database or its backups the encrypted fields would remain inaccessible.
  • Moving the data folder outside of the web root adds an additional level of security to its contents, such as schema data, backups, and site settings. The data folder does already have measures in place to prevent it being accessed by the public, but placing it outside of the web root is a much more robust method to secure it.

I think the ability to be able to specify a secure upload field would be great, so that the uploaded files are stored outside of the web root folder and only accessible via CMSB functions.

Is anything like this on the roadmap?

Currently, CMSB can be configured to do this for all uploaded files (General Settings > Directories & Urls > Upload Directory). However, building a viewer to access these uploads would require some custom work, and be dependant on the needs of the specific project. We don't have any plans to add this sort of feature for individual upload fields, but we will keep it under consideration.

If you have a project you'd like to implement this on, I can try to point you in the right direction for a possible solution - I'd just need a few more details about the particulars of what you want to accomplish.

Thanks,

Daniel
PHP Programmer
interactivetools.com

Hi Daniel,

Thanks for the reply.  There isn't a specific project at the moment but I have had requests for this functionality in the past so that secure documents can be uploaded and only accessed via PHP and not a direct URL.

If I have a specific need then I'll get in touch to see if you can help but I think this would be a good feature for CMSB in general, maybe to have a 'secure storage' checkbox on upload fields that if selected stores them outside of web root and then uses PHP to retrieve them instead of just giving the user a direct URL to the file.  Uploads without this checked will work in the same way.

Just a thought for now!

Regards, Paul.