2sxc 9.30 introduces feature-management, which allows the host-user to specify what features are enabled. Here's what you want to know.
New Security Related Features are Off by Default
New features which have a security consequence - for example the new features around using the 2sxc form with anonymous users - are turned off by default.
This is to be sure that you actively enable it and know that this feature is in use.
Features are Managed under Manage-Apps
You can see what features are enabled in the manage-apps, so either in the rotating menu, or in the add-app bar:
You can then see the enabled features - and they will look up the security of these features on our server, to tell you if something must be done:
Basically this system simply enables/disables features. When features have more settings, we'll add them, but at the current level it's just on-off. Here are some more things you should understand:
- A feature is identified by a GUID. Additional information like a nice-name are not available yet, but will soon be.
- Features can expire - this is great if you want to just test a feature, and want to make sure it won't be available after testing
- A UI relevant feature means that the JS-UI should know about it, so when the UI asks the server for activate features, this will be provided to the UI. This is to differentiate between features which the UI shouldn't know about, like for security reasons. For example, the UI should know if paste-image-from-clipboard is enabled.
- A public feature is a feature which the UI should know about, even if low-privilege users are working with the dialogs. For example, public users shouldn't know about advanced security features like "permissions by user enabled"
To enable such features, you will have to go to manage-features:
..and from there you'll see the features-enably section. Depending on your function in the community, you can enable:
- Advanced or security related features
- Beta features
- Features which are still in development or preview
Each feature can be configured to expire. This allows you to test a feature or just to enable it for a few months - like in situations where you expect the feature to become unnecessary after a certain time. We really recommend that you do this on beta-features for security reasons.
Optional Registration & Benefits
You don't have to register your installation (right now you can't actually do it yet), but in the near future this will provide you security benefits:
- We will inform you, if such a feature has a known security issue
- If you're a beta-tester, you can enable beta-features
- If you've had us develop custom features for you, you can enable them here
- Other people won't be able to generate feature-configurations for your installation, as they will then need your login to do that
We know that registration may be something people don't like, but we regard it as the only way to provide top-notch security, and this we regard as being our topmost goal.
Internals and More
If you want to learn more about how the features work internally, check out the documentation in the wiki. Remember that this is available in 2sxc 9.30 and later, which you can download from Github.
Love from Switzerland,