HOC 3 Release Notes 3.0.7.0

This week's release includes improvements in HandsOn Connect public site security, improvements in our universal public site template, improvements to the calendar view of invitation-code based opportunities, and performance improvements to saved searches in the /searchresults block.  Here are the highlights in this release:

Security Improvement: Password Strength Meter (HOC3-2129)

HandsOn Connect's public site has a low threshold for user-defined passwords (6 characters) to make it easy for non-technical folks to enter a password when registering.  However, in order to encourage users to opt for stronger passwords, we've added a password meter that shows the strength of the password they are choosing.   This should encourage people to avoid 'weak' passwords if they want greater security for their account information.

Security Improvement: Log in Throttling (HOC3-1792)

We have seen rare instances where 'brute force attacks' have been attempted against HandsOn Connect public sites.  To protect sites from these attacks, where a bot tries to log in to an account over and over again, logins are now throttled so that after 12 unsuccessful login attempts, further attempts are blocked for 3 hours.  

When a user reaches 6 failed login attempts, the system will let them know when they have only 5 attempts left and provide a countdown from thereafter. "You have X login attempts left before we have to lock your account for too many failed attempts. If you forgot your password you may want to use the password reset."

After 12 failed attempts the user is notified that "Your account has been locked for 3 hours for too many failed login attempts. This is to protect your account."

Sharing Portal: Reporting Improvement for Summary Reports (HOC3-7641)

Summary reports, when made available to partners in the sharing portal, were not providing calculated totals and subtotals.   This has been corrected and now any calculated totals or subtotals that are part of the original report will be visible in the sharing portal as well.

Sharing Portal: Improvements to tables in Sharing Portal (HOC3-7763)

The field "Team Name" has been added to the Volunteer Attendance reporting page:

The fields "Team Name" and "Role" have been added to the Connections Table (making it possible for partners to know which connections are part of a team, and identify who the team captain of a team is!)

Note:  It is now possible for support to 'turn off' any of the columns appearing in these tables (list views).  If you want a column to no longer appear, please make a request in a support ticket.

If these columns are not currently visible in your sharing portal but you DO wish them to appear, please open a support ticket and we can add them for you if they are not already there!

Bug Fix: Logging in from admin as a volunteer leader. (HOC3-7800)

We've fixed a bug in which 'logging in as' a contact from Salesforce with the Volunteer Leader profile - did not give you the correct permissions and sharing settings for a Volunteer Leader.  This has been fixed.  You will now see what the leader sees when logging in from the public site.

0 Comments

Add your comment

E-Mail me when someone replies to this comment