Release version: 10.0.0
Release date: 30th June 2021
This major release of Autoform DM contains many great new features, as well as a modern new look. Read on to learn more!
Web Document Import
A highly flexible and streamlined web-based application for the ad hoc indexing and importing of documents into Autoform DM.
- Clean, simple interface to efficiently select, index and archive documents.
- Multiple document file types are supported.
- Encrypted function is available that we recommend for the security of sensitive data.
- Additional tools to allow direct linking and integration with 3rd party applications, passing metadata through to the import application.
REST API Token Authentication
A fully RESTful API key feature allowing the management and usage of simple and secure API keys to authenticate REST requests.
- Access through the new API Keys front-end module or the REST API.
- Easily generate, view and revoke authentication tokens.
- Grant permissions at User or Group level to control access.
- No more session management / XSRF cookie required.
User Interface Rebrand
The Autoform DM interface has been refreshed, bringing it in line with the new Formpipe corporate branding.
- Modern, clean appearance.
- The same familiar layout and functionality as before.
As part of our ongoing strategy to ensure Autoform DM remains highly secure, we have revamped the password storage system for non-LDAP users, following industry best practices described by the OWASP Foundation. This means enhanced security.
- Passwords are now stored using PBKDF2, as recommended by NIST.
- Existing hashed and salted passwords are hashed again with PBKDF2 during the upgrade to Autoform DM 10. This means you immediately gain the additional protection. On subsequent logins the passwords are rehashed directly using the native algorithm.
- It is possible to configure the number of hashing iterations to increase computational difficulty and security.
These improvements mean that we can confidently transmit hashed passwords without the risk of someone reverse engineering passwords to access the system, such as via the configuration management feature. Customers using our system in Continuous Integration setups will benefit from being able to automate a fully working system.