Version 1.53.1

@kjolley released this 07 May 10:47

What's new?

  • Added further password complexity checks.
  • Added an option to automatically register newly validated site-user accounts with all available databases.
  • Fix for determining whether an uploaded FASTA file is protein or DNA.

Password checks

Additional password checks have been introduced. Previously, only a minimum length could be set and the inclusion of special characters required. Now the minimum number of characters from each of four character classes (special characters, lower-case letters, upper-case letters, digits) can be set independently. These values are set in bigsdb.conf (uncomment and modify the lines below).

#Password constraints
;bcrypt_cost=12
;min_password_length=12
#Set minimum number of following characters:
;require_special_chars=0
;require_lower_case=0
;require_capitals=0
;require_digits=0
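The following is an added example of how constraints like those above can be enforced; it is not BIGSdb's own code and does not reproduce its implementation. It parses a bigsdb.conf-style fragment (lines beginning with '#' or ';' treated as comments), applies the defaults described in these notes (12-character minimum, no per-class minimum unless the line is uncommented), and also performs the username-in-password check described in the next paragraph. Treating ASCII punctuation as the "special character" class and comparing the username case-insensitively are assumptions made for the example.

```python
"""Password-policy check modelled on the bigsdb.conf constraints above.
Added illustration only: not BIGSdb's code. Class definitions are assumptions."""
import string

# Defaults: 12-character minimum as stated in the release notes; no per-class
# minimum unless the corresponding line in bigsdb.conf is uncommented.
DEFAULTS = {
    "min_password_length": 12,
    "require_special_chars": 0,
    "require_lower_case": 0,
    "require_capitals": 0,
    "require_digits": 0,
}

LABELS = {
    "require_special_chars": "special characters",
    "require_lower_case": "lower-case letters",
    "require_capitals": "upper-case letters",
    "require_digits": "digits",
}


def parse_policy(conf_text):
    """Read key=value lines from a bigsdb.conf-style fragment.

    Lines starting with '#' or ';' are treated as comments (assumed format), so
    the commented-out sample lines in the notes leave the defaults in place.
    Keys this checker does not use (e.g. bcrypt_cost) are ignored.
    """
    policy = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key in policy:
            policy[key] = int(value.strip())
    return policy


def count_classes(password):
    """Count characters per class. 'Special' means ASCII punctuation (assumption)."""
    return {
        "require_special_chars": sum(c in string.punctuation for c in password),
        "require_lower_case": sum(c.islower() for c in password),
        "require_capitals": sum(c.isupper() for c in password),
        "require_digits": sum(c.isdigit() for c in password),
    }


def check_password(password, username, policy):
    """Return the reasons a password is rejected; an empty list means it passes."""
    failures = []
    if len(password) < policy["min_password_length"]:
        failures.append(f"shorter than {policy['min_password_length']} characters")
    counts = count_classes(password)
    for key, label in LABELS.items():
        if counts[key] < policy[key]:
            failures.append(f"needs at least {policy[key]} {label}, has {counts[key]}")
    # The username must not appear anywhere in the password. Compared
    # case-insensitively here (assumption; the notes do not say how BIGSdb compares).
    if username and username.lower() in password.lower():
        failures.append("contains the username")
    return failures


# Constructed sample config with three of the class minimums uncommented.
SAMPLE_CONF = """\
#Password constraints
;bcrypt_cost=12
min_password_length=12
#Set minimum number of following characters:
require_special_chars=1
;require_lower_case=0
require_capitals=1
require_digits=1
"""

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_CONF)
    for pw, user in [("Tr0ub4dor&3xyz", "jsmith"), ("jsmithPassword1!", "jsmith"), ("short1!", "alice")]:
        print(repr(pw), "->", check_password(pw, user, policy) or "OK")
```

Because the check needs the clear-text password, it can only run on the server once the password has been received, which is the reason for the log-in change described next.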

The default minimum password length has also been increased to 12, and the password is now checked to ensure that it does not contain the username. Implementing this required a small change to the log-in process. Previously, the username and password were concatenated and MD5-hashed in the browser before transmission, and the resulting hash was then bcrypt-hashed on the server. This browser-side hashing dates from before HTTPS was routinely used and was intended to keep plain-text passwords off the network. Server-side complexity checks, however, require the server to see the original password before it is hashed, so the password is now transmitted unhashed and relies on HTTPS for protection in transit. To ensure that passwords are never transmitted unencrypted, there is now a check that the server is using HTTPS; log-in and password changes are disabled if it is not. This check can be overridden for testing or development, but should never be overridden in production. To override it, set the following in bigsdb.conf:

allow_http=1

Note that if you are running behind a reverse proxy, the outside connection to the proxy may use HTTPS while the connection between the proxy and the BIGSdb server uses plain HTTP. In that case, ensure that the proxy sets the X-Forwarded-Proto header to 'https' on the requests it forwards, so that BIGSdb can tell that the client connection was encrypted. In nginx this is done by adding the following line to the relevant location block:

proxy_set_header X-Forwarded-Proto https;
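As an added illustration (not BIGSdb's code), the check below shows how an application can decide whether the client's connection was encrypted when it may be sitting behind a reverse proxy. It uses CGI-style variable names (HTTPS and HTTP_X_FORWARDED_PROTO) in a plain dictionary; those names and the allow_http and trust_forwarded_proto flags are assumptions for the example. The caveat a practitioner should keep in mind: X-Forwarded-Proto is only meaningful when the proxy sets it itself (as the nginx line above does, replacing anything the client sent) and the application is not reachable directly, otherwise a client on plain HTTP can simply send the header and pass the check.

```python
"""Decide whether a request arrived over HTTPS, directly or via a reverse proxy.
Added example, not BIGSdb's implementation. Variable names follow the CGI
convention (HTTPS=on, HTTP_X_FORWARDED_PROTO) and are assumptions here."""


def request_is_https(env, trust_forwarded_proto=False):
    """True if the client connection was encrypted.

    env: CGI-style environment dictionary.
    trust_forwarded_proto: set this only when the application is reachable
    solely through a proxy that sets X-Forwarded-Proto itself; otherwise a
    client talking plain HTTP could send the header and pass the check.
    """
    # TLS terminated on the application server itself.
    if env.get("HTTPS", "").lower() == "on":
        return True
    if not trust_forwarded_proto:
        return False
    # Behind a proxy: the proxy reports the scheme the outside client used.
    # With chained proxies the header may be a comma-separated list; the first
    # entry describes the outermost (client-facing) hop.
    forwarded = env.get("HTTP_X_FORWARDED_PROTO", "")
    first_hop = forwarded.split(",")[0].strip().lower()
    return first_hop == "https"


def login_permitted(env, allow_http=False, trust_forwarded_proto=False):
    """Log-in and password changes are allowed only over HTTPS, unless the
    allow_http override (development use only) is set."""
    return allow_http or request_is_https(env, trust_forwarded_proto)


# Constructed request environments covering the deployment cases in the notes.
DIRECT_TLS = {"HTTPS": "on"}
PLAIN_HTTP = {}
BEHIND_PROXY = {"HTTP_X_FORWARDED_PROTO": "https"}
CHAINED_PROXIES = {"HTTP_X_FORWARDED_PROTO": "https, http"}
# Same bytes as BEHIND_PROXY, but arriving from an untrusted client that
# reaches the application directly; must not be believed.
SPOOFED_DIRECT = {"HTTP_X_FORWARDED_PROTO": "https"}

if __name__ == "__main__":
    print("direct TLS:", login_permitted(DIRECT_TLS))
    print("plain HTTP:", login_permitted(PLAIN_HTTP))
    print("plain HTTP with allow_http=1:", login_permitted(PLAIN_HTTP, allow_http=True))
    print("behind trusted proxy:", login_permitted(BEHIND_PROXY, trust_forwarded_proto=True))
    print("header from untrusted client:", login_permitted(SPOOFED_DIRECT))
```

The two dictionaries BEHIND_PROXY and SPOOFED_DIRECT are identical; the difference lies entirely in whether the deployment makes the header trustworthy, which is why the decision is a deployment setting rather than something the request itself can prove.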

Automatic database registration

Previously, new users had to register their site account with each individual database before they could log in to it. This step can now be performed automatically: as soon as a user changes their password following their first log-in, the account is registered with all available databases that have auto-registration enabled. To enable this, set the following options in bigsdb.conf:

#Site-wide accounts
#Allow users to request registration (set to 1 to enable).
auto_registration=1

#Automatically register new account to all available databases (set to 1 to enable).
auto_registration_auto_select=1

Fix for DNA/protein determination

Determining whether an uploaded query sequence is DNA or protein is necessary to decide which BLAST program to use. This should be done by removing all header lines from the uploaded FASTA file and then checking whether the proportion of A, T, G, C or N characters in the remaining sequence is >= 80%. If so, the sequence is treated as DNA; otherwise it is treated as protein. Unfortunately, a bug meant that only the first header line was removed, so any subsequent headers were included in the 80% calculation. If the FASTA file contained many very short contigs with relatively long header lines, a DNA FASTA file could be classified as protein. TBLASTN was then used instead of BLASTN, which returned no results and placed an unexpected load on the server (especially noticeable with API calls). This has now been fixed.
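The classification rule and the defect are easiest to see side by side. The code below is an added illustration, not BIGSdb's own implementation: one function strips only the first header line (the described bug), the other strips every header line, and a constructed FASTA file of five short contigs with verbose headers shows the buggy version misclassifying DNA as protein and therefore selecting TBLASTN. The sample sequences are constructed for the example.

```python
"""DNA/protein classification of a FASTA query, buggy version beside the fix.
Added example, not BIGSdb's code. Sample sequences below are constructed."""

DNA_THRESHOLD = 0.8          # >= 80% A/T/G/C/N means DNA, per the release notes
DNA_ALPHABET = set("ATGCN")


def strip_headers_buggy(fasta):
    """Reproduces the described defect: only a leading header line is dropped,
    so the headers of later contigs are counted as sequence."""
    lines = fasta.splitlines()
    if lines and lines[0].startswith(">"):
        lines = lines[1:]
    return "".join(lines)


def strip_headers_fixed(fasta):
    """Correct behaviour: every header line is dropped before counting."""
    return "".join(line for line in fasta.splitlines() if not line.startswith(">"))


def dna_proportion(residues):
    """Fraction of characters (whitespace ignored, case-insensitive) that are A, T, G, C or N."""
    residues = "".join(residues.split()).upper()
    if not residues:
        return 0.0
    return sum(c in DNA_ALPHABET for c in residues) / len(residues)


def is_dna(fasta, strip_headers=strip_headers_fixed):
    return dna_proportion(strip_headers(fasta)) >= DNA_THRESHOLD


def blast_program(fasta, strip_headers=strip_headers_fixed):
    """Nucleotide queries go to BLASTN, protein queries to TBLASTN (as in the notes)."""
    return "blastn" if is_dna(fasta, strip_headers) else "tblastn"


# Constructed inputs. SHORT_CONTIGS is the problematic shape: many 10 bp contigs,
# each with a header line far longer than the sequence it describes.
SHORT_CONTIGS = "".join(
    f">contig_{i} length=10 coverage=12.5 assembler=example_assembly_run\nATGCGTACGT\n"
    for i in range(1, 6)
)
SINGLE_DNA = ">seq1 description\nATGCGTACGTTAGCATGCNN\nGGATCCATGC\n"
PROTEIN = ">prot1 hypothetical protein\nMKTAYIAKQRQISFVKSHFSRQLEERLGLIEVQ\n"

if __name__ == "__main__":
    for name, fasta in [("short contigs", SHORT_CONTIGS), ("single DNA", SINGLE_DNA), ("protein", PROTEIN)]:
        print(f"{name}: buggy -> {blast_program(fasta, strip_headers_buggy)}, "
              f"fixed -> {blast_program(fasta)}")
```

For the single-record DNA file and the protein file both versions agree, which is why the defect went unnoticed until multi-contig uploads with long headers arrived via the API.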

Full Changelog: v_1.53.0...v_1.53.1