The latest release from Traka Web contains numerous improvements that provide greater system security, while minimizing the entry points for any potential data breach.
As concerns over application security are growing, many mid-size and enterprise customers want assurance that our software and systems will not give unauthorised access to sensitive data or lead to other breaches, when installed as part of their network. This latest round of security enhancements should give Traka customers increased confidence in knowing that our software is safe as part of their IT infrastructure.
In addition, Traka Web 2.10 introduces new features and workflow improvements that enhance the day-to-day experience for users and administrators alike. Be sure to visit the support website to read the complete release notes, and to download the latest versions of Traka Web and Traka Touch.
New features
Job scheduler
A new feature has been added to Traka Web, which allows automated tasks to be executed on a defined schedule. Currently, the Job Scheduler can be configured to purge historic events, but this will be expanded to perform additional tasks in the future.
New languages added
The following languages are now supported by Traka Web: Hungarian, Lithuanian and Romanian
User experience improvements
Improved sorting
Grid columns can now be sorted and filtered based on a checkbox value (checked or unchecked).
Improved region selection in the System Viewer
The Region selection box can now filter the region list based on the first few letters of a region to receive a reduced list of options.Change has been implemented site-wide.
Improved date validation on Edit User screen
The Edit User screen has been updated to have enhanced calendars showing on-screen validation.
Configurable error page improvements
We have added a new option to display advanced error information, where the full error stack trace is displayed to the front-end user. If the setting is turned off, only basic error information is displayed and the full error info can be found in the logs.
Security improvements
Windows Authentication security improvements
The Traka Business Engine, Traka Admin and Traka Web products have been updated to use the built-in security for Windows to authenticate and authorise users logging in into Traka Web.
Reduce risk of DOM-based open redirection vulnerabilities
In instances where navigation within Traka Web requires a return URL, additional validation has been added to ensure the URL is within the Traka Web application.
New setting to control password input storage in the browser
As a security enhancement, there is now an option in Traka Web to allow or deny the Traka Web password field to store the entered password in the browser.
Security delay when the wrong login credentials are entered
In order to prevent brute force login attempts into Traka Web, a 1 second delay has been added whenever the wrong login is entered. This delay increases exponentially upon every unsuccessful login in a session.
Added function to target textbox inputs to prevent XSS attacks
By preventing scripts to be pasted or inputted into Traka Web textboxes, we are reducing the impact of this vulnerability and making Traka Web a safer product.
Plus, numerous additional updates to improve Cross-Site Scripting attack protection.