KitCAD i3 Silent security upgrades for webserver versions

Some security changes have been made to the online version of KitCAD i3 KGC. Some of the changes have been ported to the other versions of KitCAD i3.

The online versions now include a file titled kitcad_secure.cgi to catch information supplied by bad logon requests and record it into /htdocs/login/{user}.error

A suggested method of blocking bad logon requests should be based on the time between failed login attempts. Code isn’t supplied to block senders of bad passwords at this time (it has to support IPv6 and IP addresses). One example: an external cron-job file, run by processes other than KitCAD i3 KGC, could be started to scan for *.error files and set read-only attributes for time-out periods, etc.
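One way such a cron job could look, as an added example that is not part of KitCAD i3 or its author's code. It assumes each {user}.error file's modification time marks that user's latest failed logon, and it uses the read-only bit on that file as the lockout marker (whether kitcad_secure.cgi honours that bit is an assumption); `scan`, `MIN_GAP`, `TIMEOUT` and the state-file path are hypothetical names.

```python
import json, os, stat, time
from pathlib import Path

MIN_GAP = 120   # assumed: failures seen less than this many seconds apart lock the user
TIMEOUT = 900   # assumed: length of the lockout in seconds

def scan(login_dir, state_path, now=None):
    """One cron pass over *.error files; returns the users locked and unlocked."""
    now = time.time() if now is None else now
    state_file = Path(state_path)
    # mtime of every .error file as seen on the previous pass
    seen = json.loads(state_file.read_text()) if state_file.exists() else {}
    result = {"locked": [], "unlocked": []}
    for f in sorted(Path(login_dir).glob("*.error")):
        st = f.stat()
        user, mtime = f.stem, st.st_mtime
        if not st.st_mode & stat.S_IWUSR:
            # Locked on an earlier pass: release once the time-out has elapsed.
            if now - mtime >= TIMEOUT:
                os.chmod(f, 0o644)   # assumed original mode
                result["unlocked"].append(user)
        elif user in seen and 0 < mtime - seen[user] < MIN_GAP:
            # A new failure arrived shortly after the last one we saw: lock.
            os.chmod(f, 0o444)       # chmod leaves mtime untouched
            result["locked"].append(user)
        seen[user] = mtime
    state_file.write_text(json.dumps(seen))
    return result

if __name__ == "__main__":
    # /htdocs/login is the directory named in the post; the state path is hypothetical.
    print(scan("/htdocs/login", "/var/tmp/kitcad_lockout_state.json"))
```

The gap it can measure is only as fine as the cron interval, since the job sees one modification time per file per pass.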

Password issues with OpenId enabled users have been corrected (support for 1m combos), see fix

No update to the KitCAD i3 KGC version information was performed. Re-uploaded with the same version date of 27th August, 2010.

Note: the KitCAD i3 KGC XAMPP(win)/WAMPP2(win) versions do not support security settings by default.

One Response to “KitCAD i3 Silent security upgrades for webserver versions”

  1. Admin Says:

    Corrected bugs in kitcadi3_secure.cgi and Re-Uploaded with same version date of 27th August, 2010
