PRECISION 2012 R01 Web UI Release Notes > Web UI 4.10 > Security
  
Security
The following security enhancements are included:
It is now possible to encode password information in the following files:
precision.properties
highway.properties
scheduler-service.xml
You can now encode the password in the Highway setting PERSISTENCE_LOCATION.
A utility—encryptor.bat—is available to generate an encoded password from a plain text value.
You can also encode passwords used in Progress 4GL Listener configuration files.
Note: These changes are not released with Web UI 4.10. If you require these changes, request an R03 update to the Windows UI login programs.
The application has been tested for possible OWASP Top 10 flaws by performing Veracode static and dynamic scans on the PRECISION Web UI solution. Potential vulnerability flaws are either corrected or mitigated. Veracode test reports are available upon request.
Highway
The Highway version is now 3.3.4. The Highway database has not changed with this release.
Endpoints
The following issues have been resolved:
An issue reading files using the Dachser parser when there was a space in the file name.
Previously, attached PDF files read from a folder were becoming corrupted when received later as an e-mail attachment.
Note: These new services are only fully available with a RAINBOW Web UI build.
Web Services
Web services functionality has been enhanced:
WSDL and web service logic now include lot allocations information as part of the ProcessSPSResponse response. This data is included in the PackageItem node.
There are new First Mile/Last Mile PEM web services. There are new PEMCarrierStatusUpdate and PEMPackageCurrentStatus messages.
A new Highway setting enables you to turn off the automatic creation of faults when there are errors in the response. This is useful when errors are detailing problems but a transaction has still been created.
Web Service WSDL updates:
SPS XSD changes ensure that WSDL is in line with S38 SPS messages.
A SOAP fault is no longer returned as the response to an asynchronous message request.
A WSDL issue where the ProcessShipment XSD is missing a parameter sequence node is resolved.
A WSDL issue where some XSDs have no MinOccurs set, resulting in a default of 1 instead of 0, is resolved.
Installer Changes
Installer changes include the following:
Refinement of the JDBC connection pool properties.
precision.db1.minevictableidletimemillis is now set to 600000.
precision.db1.maxidle is set to 10 when the database is Open Edge.
The WrapperJBossService.conf file contains new Java garbage collection parameters.
It is now possible to enable Remote JMX.
The default JBoss Web and JMX Console passwords have changed.