Untitled Document

Web Manager - List of Enhancements

Over the lifespan of the Web Access Management system, a number of major enhancements and minor fixes have been applied. Following is a brief summary, (listing the most recent items first).

Show/Hide Hidden Text

New and Different – Enhancements and Fixes in W/M

For 2010

When a member of your staff resets a given user's password, the Valid Until Date will now automatically be set 30 days into the future. Also, if attempting to Email the Signon Code/Password when executing as a "Thin-Client" on a UNIX server, a message will be displayed advising that that function cannot be executed. (Nov-02-2010)

When an individual is signed onto the Account-Status-on-the-Web web-site, they can request to have a copy of a Recap Detail Spreadsheet emailed to them. The Spreadsheet will now be generated as an Office 2003 Excel spreadsheet. (May-02-2010)

When an individual is signed onto the Account-Status-on-the-Web web-site, they can request to have a copy of an Invoice, a Recap Detail Report, or Recap Detail Spreadsheet emailed to them. The copy of the Invoice and the Recap Report will now be generated as a PDF document and emailed. The Spreadsheet will now be generated as an Office 2007 Excel spreadsheet. The message will be revised accordingly. (March-31-2010)

For 2009

For those functions that export data to Excel spreadsheets, the following enhancements have been made:

•	When titles are output, they will be formatted as bold in 14-point

•	When legends are output, they will be formatted as bold in 12-point

•	When headers are output, they will be formatted as bold and italic

•	Dollar amount data column will be formatted for "Currency", (where $ signs will be displayed with 2 decimal places)

The following applications have been revised accordingly, where applicable (Dec-15-2009) :

•	Web User Maintenance – Properties Export

•	Past 60 Periods Statistics Inquiry – Export functions

A problem was identified with the logic associated to the testing of the Dynamic Token Numbers that are embedded in each page issued to the web browser people. If a user signed on, and then logged off, and then signed on from the CTL home page again, the Dynamic Token Error was being displayed. The problem has been fixed. (June-23-2009)

Web Page Tokens

The Web Access Management ASOW servicing routines have been enhanced to deal with a potential hack attack. Now when a web-user connects to the ASOW web servicing routines for the first time to sign on, a 4 digit Token Number will be assigned. Based on this Token, a random range of 4 digit numbers will be assigned to the user. All HTML pages that are displayed to the Web-User will have a 4 digit Dynamic Token number embedded as a hidden variable within every Post forms that may be utilized. When requests are serviced, the range of Tokens assigned to the user is validated. If they are incorrect, the session will be terminated. (May-29-2009)

Upgrade function

When the software with this enhancement is installed, the file WEBCONCT.DAT must be deleted, so it will be recreated with the correct properties.

The Web Access Management system's On-Line Help is now complete. You can access these help files from the application's screens or menu bars. PDF Versions of the Web Access Management manual are also available by request. (May-28-2009)

A new inquiry function had been introduced. Web Error Logs Inquiry is a new grid screen based lookup function that lets a user view the errors that have been reported by the ASOW service routines. Now when an error occurs, an error code is displayed to the Web User. To determine what caused the error, a member of the accounting staff could use this function to see more information associated to the error. (May-25-2009)

The ASOW service routines have been revised so that when errors occur instead of a message, an error code is displayed to the Web User. The idea being, that if a user was attempting to launch a malicious attack, descriptive error messages may aid in their efforts, so now instead, an error code is displayed. When errors such as these are encountered, now an error history record is recorded. These records are available to a new Inquiry function in the back-end Web Management system.

If the individual who receives the error code wishes further information, they could contact one of the accounting staff, and they could then easily investigate the error by accessing the new inquiry function, and get back to the web user. (May-25-2009)

A function is available that will email the Web-User his User-ID and Password. The body of the email message made reference to www.uccdirect.com. This has been changed to www.ctliensolutions.com (May-20-2009)

Has been revised to deal with the encrypted Web-User passwords. (May-20-2009)

Once a user has signed on to the ASOW system, and selected a customer, a web page is displayed showing the information about the customer, and assorted push-buttons for the different functions that may be invoked. This page has been enhanced to display the Date and Time that the user last signed onto the system selecting a given customer. HTML file PICUSTVFY.HTM was modified. The associated CGI service routine has been modified accordingly. (May-20-2009)

The web page displayed from the CGI servicing routine that invites the web-user to enter a password has been enhanced. Both the password, and the answer to the secret question now have associated verification fields requiring repeated entry so as to confirm the data being entered. All these fields are now secure, so the text being entered is masked with asterisks. HTML file WUSERINFO.HTM was modified. The associated CGI service routine has been modified accordingly. (May-20-2009)

The web page displayed from the CGI servicing routine that confirms an email is to be sent with the user's password has been revised to be more of an announcement rather than an error message. (May-19-2009)

The Web User Maintenance routines have been enhanced to offer additional security with web user's passwords. The Help files for this maintenance routine has been completed and updated accordingly. The following changes have been made:

•	Passwords now require at least one numeric digit, and must be at lease 8 non-space characters

•	The Password and the Secret Question Answer fields are now displayed as secure fields as asterisks.

•	When Passwords or Secret Question Answers are edited, a field is provided requiring them to be entered again for confirmation.

•	When exporting Web User Properties, the password is output as a string of "*********"

•	The current Password, and the previous Passwords on file are now encrypted using the Series 5 encryption subroutine.

•	The answer to the Secret Question has also been encrypted using the Series 5 encryption subroutine.

Upgrade function

When the software with this enhancement is installed, the program UPGRADWM must be compiled, defined as a User Function, and executed.

As well, the file that stores the Web User properties records has been encrypted. (May-19-2009).

The ASOW CGI Logon servicing routine has been revised to that when a web-user enters a new password, it must satisfy the rule that it must contain at least one numeric digit. (May-19-2009)

The ASOW CGI Logon servicing routine has been revised to that any reference to the Web User's password will no longer be output to the Debug Trace file. (May-19-2009)

For 2008

If the operator selects to launch the E-Request Server or E-Request Monitor functions, executing as a thin client, a message will be displayed advising that it is not possible to do so. (Oct-13-2008)

The Web Access Management system now has On-Line Help. You can access these help files from the application's screens or menu bars. (Aug-2008)