Online documentation - Websydian v6.0 |
Users Guide | Patterns Reference | WebsydianExpress | Search |
In Websydian 4.0 a bug in the Websydian MD2 implementation was discovered and corrected. As the MD2 function in Websydian is used to sign passwords and HTML pages an update is also provided for Websydian versions back to 2.0.
There are two ways to upgrade an application to use the new and correct MD2 implementation:
For a discussion on the severity of this bug please refer to Technical Bulletin #2.
This guide describes how to apply the MD2 update to applications developed with Websydian 2.0, 2.1, 2.5, 3.0, and 3.1.
Among other things the MD2 function in Websydian is used to sign passwords in the UserManagement pattern. As the MD2 implementation now is changed special care must be taken for existing applications using the UserManagement pattern when applying the MD2 update. Please refer to the section Addressing the Problem with Passwords for more information about this.
What actions to take depend on the Websydian version and the target platform of the application. Please consult the appropriate section below that fits the requirements of the application where the MD2 update should be applied.
In Websydian 4.0 the package objects to generate and build was replaced by subject areas. In that process the package objects where renamed. As object naming is level invariant in Plex this renaming also affects previous levels.
The table below shows how the package objects are named in the new group models and their old names.
Group | Name in Websydian 4.0 | Old name |
---|---|---|
WSYBASE | UseAppropriateSubjectArea_1 | DwaObjectsToGenerateAndBuild |
WSYBASE | UseAppropriateSubjectArea_2 | DwaWinObjectsToGenerateAndBuild |
WSYBASE | UseAppropriateSubjectArea_3 | ObjectsToGenerateAndBuild |
WSYBASE | UseAppropriateSubjectArea_4 | RpgObjectsToGenerateAndBuild |
WSYBASE | UseAppropriateSubjectArea_5 | WinObjectsToGenerateAndBuild |
WSYDOM | UseSubjectArea | DOMFunctionsToGenerateAndBuild |
WSYHTTP | UseSubjectArea | HTTPClientObjectsToGenAndBuild |
WSYINTEG | UseSubjectArea | IntegObjectsToGenerateAndBuild |
WSYSESS | UseSubjectArea | SessionObjectsToGenAndBuild |
WSYUSER | UseSubjectArea | UserObjectsToGenerateAndBuild |
WSYAUDIT | UserSubjectArea | AuditObjectsToGenAndBuild |
So when the Websydian 3.0/3.1 documentation mentions the package object WSYBASE/ObjectsToGenerateAndBuild you should instead use the package object WSYBASE/UseAppropriateSubjectArea_3 after the MD2 update is applied.
For applications developed using Websydian 3.0 or 3.1 the following steps should be followed both if the application is still under development or if the application is in production.
In Plex 4.0 and 4.5 there is a bug that causes Plex to crash when the function WSYBASE/DeleteFile is generated. A work around is to generate the function with the variant for WSYBASE set to PC web server.
Some package objects have been renamed from Websydian 4.0 and since object naming is level invariant in Plex this also affects previous levels.
As Plex uses the package names to determine the location of the Java classes this change has the impact that the approach in the previous section can not be used. Instead follow the guidelines below.
For Java it is recommended to use the latest versions of Plex and Websydian. That is Plex 5.0/5.1 and Websydian 4.0. Consider to upgrade to these versions if using older versions of Plex/Websydian
As the MD2 function is used by the UserManagement pattern to sign passwords the MD2 fix has the side effect that all password signatures in the user table created by the UserManagement pattern now are invalid when validated using the correct MD2 implementation.
Please look here for information on how to resolve this issue.