AlwaysUp Web Service version 14.7 was released on October 1 2023.
This time around, our team focused on improving the software in a couple of areas — to give you greater control over authentication and to improve security.
New authentication and session timeout options
Authentication was mandatory in previous versions of AlwaysUp Web Service. You were forced to enter a password before interacting with your AlwaysUp applications in the browser.
But while protecting the web service is the right approach for the vast majority of our customers, we also heard that having to constantly log in was a nuisance. And introducing an additional layer of authentication was unnecessary when access to the web service URL was already restricted by another gating mechanism (such as network isolation or IP filtering).
So, to help customers who weren’t happy with the current system, we introduced the following enhancements.
Authentication is optional.
You can now avoid logging in to access the web service.
The session timeout is configurable.
You can now set the web session timeout value to up to 24 hours, to have the web service keep you logged in even when you’ve been idle for a long time.
The new options are available on the Settings page in AlwaysUp Web Service Control Panel:
Of course, please think carefully before relaxing security in your environment. We recommend sticking with the defaults (password required; session timeout of 30 minutes) unless you have good reasons to change them. Caveat emptor!
Protection against known vulnerabilities
As a web application that might be available on the Internet, it’s important for AlwaysUp Web Service to be as secure as possible. Indeed, it must resist the thousands of malicious actors and bots that are constantly probing network ports, trying to hijack computers.
We apply security updates regularly, to keep AlwaysUp Web Service ahead of the attackers. In this release, we:
Introduced support for TLS 1.3.
The latest version of the TLS protocol — which strengthens encrypted SSL connections — ensures that your data is always secure in transit.
Dropped support for TLS 1.1 and earlier.
Unfortunately those older protocols are no longer secure. Even Microsoft started disabling them in September 2023.
And with those improvements in place, AlwaysUp Web Service received an A+ grade from ImmuniWeb’s popular SSL Security test:
The full report (PDF) is available here.
As usual, please review the release notes for the full list of features, fixes and improvements included in AlwaysUp Web Service version 14.7.