Latest News: Celebrating our 15th anniversary | Coming soon in MIDAS v4.27 | COVID-19 Support

Category: Development

A New Calendar Widget

If you’ve previously used MIDAS, you’ll be familiar with the small calendar “widget” that appears throughout the software allowing you to select dates.

MIDAS v4.26 (and later) now use a slightly different calendar “widget” to previous versions.

Here’s a comparison of the two:

The calendar widget in v4.25 (and earlier)
The calendar widget in v4.25 (and earlier)
The new calendar widget in v4.26+
The new calendar widget in v4.26+

What’s changed?

We’ve been developing MIDAS for over 15 years now! Ever since our very first release we’ve been using a JavaScript calendar widget originally called “DHTML Calendar”. This was later renamed to “Dynarch Calendar” – or “JSCal2” for short.

From MIDAS v4.26 we’ve dropped JSCal2 in favor of jQuery UI’s “datepicker”.

Why the change?

Back when we started development on MIDAS in 2005, there were very few calendar widgets available that allowed embedding a fully-featured date picker into a web page. After testing a number of alternatives at the time, we chose the “DHTML Calendar” as it was known back then.

This was a freely available calendar widget that had been in active development by the author for two years previous. It provided all the functionality that we needed for use in MIDAS.

Development of the “DHTML Calendar” continued over the years, with regular releases. A re-written “version 2” was then released and the project renamed to “Dynarch Calendar” (JSCal2).

Unfortunately, development of JSCal2 ceased in 2010.

Since then, JSCal2 has continued to function with the odd “patch” or two we’ve made.

However, there comes a time when a decision has to be made about the feasibility of continuing with JSCal2 going forward. We’ve now made that decision and have decided to drop JSCal2 in favor of jQuery UI’s “datepicker”.

jQuery UI’s “datepicker” is in active development and is arguably one of the most popular date pickers/calendar widgets in use today. It has both a large user and developer base and is well-supported.

What are the benefits of the new calendar widget?

In recent years, the limitations of JSCal2 have become more apparent.

For example, to select multiple dates in a JSCal2 calendar, a user would need to hold down the Control (Ctrl) or Command (Cmnd) key on their keyboard whilst clicking on a date.

Several years ago become the advent of tablets and touch screen devices this wasn’t a problem – as everyone used a keyboard.

However, in today’s world that’s not always the case, and so we needed a calendar widget that would allow selecting multiple dates regardless of whether the user was using a keyboard or not.

We’ve been able to achieve this with the new calendar widget in MIDAS v4.26.

There are also performance benefits over the new calendar widget. Web standards and performance have improved and evolved over the years. The now obsolete JSCal2 – whilst very advanced for its time, is no longer advanced or efficient by today’s modern standards.

What differences will I see?

Probably the first thing you’ll notice with the new calendar widget is its size (compare the two images above). The old JSCal2 widget was quite small and not idea for use on touch-devices. The new widget uses a slightly larger font and increased spacing. This not only helps make it more legible, but easier to use on smaller touch screens.

You’ll also notice that the top part of the calendar widget has changed.

Previously, the top of the calendar contained four arrow buttons, allowing you to jump forward or back by either a month or a year at a time. Additionally, you could also click the Month/Year heading to select a specific month/year to jump to.

The new calendar widget only has two arrow buttons, allowing you to jump backwards or forwards by a month at a time. However, the main month/year header is actually now two separate drop-down lists making it really easy to select a month or year to quickly jump to.

Why use a “widget” at all?

Back when we started MIDAS development there were few native interactive elements you could embed within a web page that would work in all web browsers.

You could essentially include very basic form elements – text inputs, drop-down lists, check/radio boxes, and the like.

There was no native way to include a calendar or date picker within a web page.

Today the range of native interactive elements available include a whole host of controls; including color pickers, sliders, email address and telephone inputs, and even date pickers.

Unfortunately support for native date pickers at present isn’t universal among web browsers. Safari browsers for example have no support as yet for native date pickers.

Those browsers which do native support a date picker element, all render them differently, and only provide very basic date picking functionality. At present, there is no support for selecting multiple dates, for example.

Native date pickers are still in their “infancy”. There may come a time when MIDAS can utilize native date pickers rather than a 3rd party calendar “widget”. For now though, the new calendar widget we’re introducing in v4.26 offers all the functionality we need and should do for the foreseeable future.

New Export Features

In our previous update (v4.25) we added a host of new data export features. This included the ability to export invoice data to QuickBooks, Sage, Xero and several other popular accountancy packages.

For MIDAS v4.26, we’re adding a couple of additional features to the export capabilities of our booking software.

Export Users

MIDAS is already capable of exporting Booking, Client, Invoice, and Resource data in a range of formats.

For v4.26 we’re now also allowing user data to be exportable.

Exported user data includes all privileges assigned to each account within your MIDAS system.

One piece of advice we offer to help customers keep their MIDAS systems secure is that each user account should only be granted the minimum permissions each individual requires.

For customers with a large number of user accounts, this new export option allows administrators to quickly audit the permissions assigned to every user account.

Refined Client Data Exports

The ongoing global COVID-19 pandemic is forcing organizations to adapt to how they operate. Throughout this period, we’ve been listening closely to our customers feedback.

We recently published an article on 6 ways MIDAS can help your business adjust to COVID-19.

In addition, we’ve been adding new and improved features in v4.25 and v4.26 to further improve how MIDAS can work for your business in these unprecedented times.

One of our customer’s reached out to us as they wanted a way to collate the email addresses of all their clients who had bookings over a certain date range. This was so that they could send out a bulk email to inform them hat their facilities had temporarily closed.

Now, whilst a list of all client’s addresses could be exported by MIDAS, there was no easy way to generate a subset list of clients based upon when their bookings took – or were due to take – place.

We’ve addressed this for v4.26! There’s now the option to export all clients, or just details of those with bookings within a specific date range!

Export Clients With Bookings Within A Specified Date Range
Export Clients With Bookings Within A Specified Date Range

Improved Password Hardening

For MIDAS v4.26 we’re improving the password change process for users, with the introduction of a new “Disallow Known Breached Passwords” admin setting:

Disallow Known Breached Passwords in MIDAS
Disallow Known Breached Passwords

With this setting enabled, whenever a user changes their password MIDAS checks that it doesn’t appear in any known online data breaches.

This feature utilizes the popular 3rd party “Have I Been Pwned” service. This is a database of more than half a billion passwords which have previously been exposed in various data breaches.

Don’t worry though, your actual password is never sent to the “Have I Been Pwned” service. Here’s how it works;

  1. You enter a desired new password in MIDAS.
  2. MIDAS creates a cryptographic “hash” (SHA-1) of the password you entered. The first five characters of this hash are sent to the Have I Been Pwned service.
  3. If hashes with the same first five characters are found in the Pwned Passwords repository, the Have I Been Pwned service responds with all these hashes.
  4. MIDAS sifts through the received hashes to see if there’s a complete match with the full SHA-1 hash of your new password.
  5. If a match is found, your desired password has appeared in at least one public data breach. MIDAS will then display an alert and ask you to enter a different password.
The Change Password Dialog in MIDAS
The Change Password dialog in MIDAS
Chosen Password appears in other online data breaches
The chosen password isn’t considered secure as it appears in other online data breaches

The new “Disallow Known Breached Passwords” setting in MIDAS will be enabled by default. It can readily be enabled/disabled via MIDAS Admin Options → Manage MIDAS → Security.

We’re passionate about security, and this latest improvement is just one of the ways we help keep your account and MIDAS system secure.

Interested in learning more about security in your MIDAS system? Try these links…

Security Enhancements in v4.25

Security is our number one priority here at MIDAS. We constantly strive to ensure our software remains secure, and provide users with a range of tools to help keep their MIDAS accounts and data secure.

We’re further enhancing security in MIDAS v4.25 and introducing a new admin setting.

New & Unfamiliar Login Notifications

A new “Alert users upon logins from unfamiliar devices” setting is located under MIDAS Admin Options → Manage MIDAS → Security.

With this setting enabled, a user account logged into from an unfamiliar browser/device, will trigger an automated email notification to the account holder.

Email Notification alerting user to an unfamiliar login to their account
Email Notification alerting user to an unfamiliar login to their account

This email notification is customizable through a template via MIDAS Admin Options → Manage MIDAS → Templates. The default notification provides details of the browser, operating system, and IP address of the new login. It advises that the notification can be safely ignored if the new login was genuine, or what to do if the user doesn’t recognize the login.

Obviously for these email notifications to be sent, your MIDAS system must be correctly configured for sending email.

Other “Under The Hood” Security Enhancements

You’ll often see “Security Enhancement” in the changelog for our MIDAS software. This is nothing to worry about, and it’s part of our pro-active approach to security.

We routinely make small changes to improve and “harden” our software against a variety of threats.

One of the security enhancements we’ve made in v4.25 is to drop usage of the “Math::Random::Secure” Perl module. Perl – the language that we develop our software in – is capable of natively generating random numbers. MIDAS uses random numbers for a variety of things, including password generation and unique session tokens. However, random numbers natively generated by Perl are not “cryptographically secure”. As such, we’ve been utilizing the “Math::Random::Secure” module to ensure that random numbers generated by MIDAS were cryptographically secure.

The developers of “Math::Random::Secure” haven’t updated it in over three years. Whilst the module still functions, it depends upon another module (Crypt::Random::Secure), which itself depends upon another module (Any::Moose) which has since been deprecated.

So for this reason, and also for performance reasons, MIDAS v4.25 now defaults to using Crypt::PRNG instead. If this Perl module isn’t available on your server, MIDAS will simply revert back to Perl’s native random number generator. However, it’s really easy to install Perl modules, and so for enhanced security we’d recommend installing Crypt::PRNG.

Dropping TLS 1.1 support for cloud-hosted customers

TLS stands for “Transport Layer Security” and is a mechanism used to facilitate secure connections and communications over the internet. To date, there have been three versions of TLS, each more secure than the last. The latest version of TLS is 1.3. The original TLS 1.0 version is considered “weak”, and no longer supported by modern browsers. We previously dropped support for TLS 1.0 on our servers back in July 2017.

To coincide with the release of MIDAS v4.25, we’ll be dropping support for TLS 1.1 connections to our client servers. Our client servers will continue to support both TLS 1.2 and TLS 1.3 secure connections.

Dropping TLS 1.1 support should have no noticeable impact for regular users of MIDAS. We’ve already dropped TLS 1.1 support on our website. If you’re reading this post, then you’ll still be able to access your hosted MIDAS system once TLS 1.1 support is dropped.

However, if you’re a cloud-hosted MIDAS customer utilizing the optional MIDAS API then you may need to take action. Please ensure that your applications and the underlying programming language you develop in can support (and are correctly configured for) TLS 1.2/1.3 connections.

If your applications/programming languages do not support at least TLS 1.2, your MIDAS API calls will begin to fail once we disable TLS 1.1 support.

Please refer to the vendor of your programming language if you’re unsure whether it supports TLS 1.2/1.3, or for assistance enabling such support in your development environment. This doesn’t affect API users interfacing with a self hosted MIDAS system.

These are just a few of the new and improved features for MIDAS v4.25. Please see this post for details of other new features you’ll find in v4.25.

Reddit You can also ask questions and discuss the new features of v4.25 over on Reddit.