New Message Search Latest Redo
Web Connection
Upgrade options from WWWC 7.35
Gravatar is a globally recognized avatar based on your email address. Upgrade options from WWWC 7.35
  Russell Campbell
  All
7CR0I7B0Z
  Dec 22, 2025 @ 08:29am
Reply

What versions can I move to based on my current 7.35 license? Only 7.4 or can I use 8.x without purchasing the upgrade?

Also, I noticed this in relation to the upcoming version 8.5:

Removed Case Insensitivity from wwUserSecurity Username and Password Changed the behavior of base authentication in default wwProcess::OnAuthenticateUser() by removing the LOWER() case conversions on input and expecting username and password to be lower case.

I didn't even know you had case insensitivity on passwords given how long the industry has been using case sensitive passwords. But why remove it on user names? Most sites still keep insensitivity there. I mean, I wouldn't want three records in my users table with essentially the same user name (like MarkSmith, marksmith, and MARKSMITH. I hoping for a switch on this to control whether the change applies to user names or not. Definitely want it on passwords.

Gravatar is a globally recognized avatar based on your email address. re: Upgrade options from WWWC 7.35
  Rick Strahl
  Russell Campbell
7CR0Z7PVE
  Dec 22, 2025 @ 04:25pm
Reply

What versions can I move to based on my current 7.35 license? Only 7.4 or can I use 8.x without purchasing the upgrade?

If you don't upgrade to 8.0, v7.4.

Removed Case Insensitivity from wwUserSecurity Username and Password Changed the behavior of base authentication in default wwProcess::OnAuthenticateUser() by removing the LOWER() case conversions on input and expecting username and password to be lower case.

I didn't even know you had case insensitivity on passwords given how long the industry has been using case sensitive passwords. But why remove it on user names? Most sites still keep insensitivity there. I mean, I wouldn't want three records in my users table with essentially the same user name (like MarkSmith, marksmith, and MARKSMITH. I hoping for a switch on this to control whether the change applies to user names or not. Definitely want it on passwords.

This change only affects what you look up, not what you save (it never did). So you can always enforce a password policy yourself by passing the appropriate value. This change undoes both the lower(lcPassword) and lower(lcUserName) in OnAuthenticate() which is done when looking up passwords. You can always override the save and lookup behavior by using a custom wwUserSecurity class. It's just the wwProcess no longer forces your hand there by automatically lower-casing your usernames and passwords.

+++ Rick ---

© 1996-2026