Security

Release notes on tasks that apply to Security for most FX modules.

Version Type Description ID
21.4.1.0 CORR An issue where an error message appeared when saving attribute changes on built-in identity type users has been fixed. DEVCORE3-5486
21.4.1.0 CORR The issue of FX Security setting the connection to Read-Only for non-FX Security related functions has been fixed. FX-11586
21.17.0.0 ENH The following enhancements have been added to prevent the accidental editing of data of a sign-up period currently used in Production:
  1. The system automatically checks in the early morning if the current date falls within the date range of the sign-up period marked in Production. If so, it automatically selects the Frozen checkbox shown in the Edit dialog box of the Sign-up Period screen.
  2. A new security key, Trapeze4/Fixed Ancillary Data/Sign-Up Periods - Freeze, has been added. Users who are granted permission for this key can select or clear the Frozen option on sign-up periods.
FX-12677
21.20.0.0 ENH Updates have been made to Trapeze6 security defaults:
  • Default password complexity rules have been updated in Properties:
    • Core/Security/Policy/Minimum Password Length: Minimum length in characters of a valid password. A value of 0 allows empty passwords. Default value is 8.
    • Core/Security/Policy/Password Required Character Types: Specifies character types that must be included in all passwords. This property depends on other password policy context properties. Options are: Upper case alpha character, Lower case alpha character, Symbol character, and Number character. By default, all four character types must be used.
    • Core/Security/Policy/Password Hashing/Algorithm: Select the way passwords are hashed and stored in the CoreIdentity table:
      1. TCF1 (64-bit hash). Original algorithm used for backward compatibility when older client and server applications that do not support newer algorithms are connected to the same database.
      2. PBKDF2 (192-bit hash). Industry-standard password hashing function, used to produce a 192-bit hash incorporating a 192-bit cryptographically random salt. (Default.)
    • Core/Security/Policy/Password Storage/Algorithm: Applies to stored passwords in context properties and Service Shell profile files. Select one of the following values:
      1. AES256 (Private key) - Select for stronger encryption using a randomly generated private key (Keyfile.bin in the Config folder).

        This requires manually copying Keyfile.bin to the other application installation folders if more than one installation shares the same database. Otherwise, the other applications won't be able to decrypt the stored passwords. If this file is lost, the stored passwords will not be retrievable and will have to be re-entered using a new Keyfile.bin.

      2. AES256 (System key) - Select for stronger encryption using the system key built into the application framework. (Default)
      3. TCF1 - Select this for backward compatibility for older versions that do not have this option.
      Note:
      If Core/Security/Policy/Enforce Password Policy on Next is selected, users may need to reset their passwords to meet new default requirements the next time they sign in.
  • Descriptions for the following Service Shell switches have been updated:
    1. Core/Security/Authenticate: Turn OFF to disable username/password authentication and permission checks. DEPRECATED! This switch may be removed in a future version.
    2. Core/Security/Check Permissions: Turn OFF to disable permission checking (even if Authentication is still ON). DEPRECATED! This switch may be removed in a future version.
DEVCORE3-5470
21.21.0.0 CORR The message that appears when users attempt to set the Access Type to Read-Write for Divisions, Lines, Services, Line Group, and Service Group in FX Security has been improved. It now includes a reference to using the Set Rights To <All> feature. FX-12924
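
The 21.20.0.0 password defaults (minimum length 8, all four character types, PBKDF2 with a 192-bit random salt and 192-bit hash), shown as an added example that is not Trapeze code. The HMAC-SHA256 PRF, the iteration count, treating ASCII punctuation as "symbol" characters, and all function names are assumptions, since the release note does not state them.

```python
import hashlib
import hmac
import secrets
import string

# Defaults taken from the 21.20.0.0 release note.
MIN_LENGTH = 8
SALT_BYTES = 24   # 192-bit cryptographically random salt
HASH_BYTES = 24   # 192-bit hash
# Assumptions (not stated in the release note): PRF and iteration count.
PRF = "sha256"
ITERATIONS = 600_000

REQUIRED_TYPES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,  # assumption: ASCII punctuation is a "symbol"
}

def policy_violations(password):
    """Return the names of the default-policy rules the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, alphabet in REQUIRED_TYPES.items():
        if not any(ch in alphabet for ch in password):
            problems.append(name)
    return problems

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each new password."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt,
                                 ITERATIONS, dklen=HASH_BYTES)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    candidate = "Tr4peze!Demo"  # constructed sample value
    print("violations:", policy_violations(candidate))
    salt, digest = hash_password(candidate)
    print(len(salt) * 8, len(digest) * 8, verify_password(candidate, salt, digest))
```

Because each password gets its own salt, two accounts with the same password store different hashes, which is what makes precomputed tables impractical against a PBKDF2-hashed table.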