Web software updates are important for internet security, in particular to stop a XSS attack and Penetration attacks. The latest version of TermsASP must be used to ensure the maximum security from internet attacks. If you are also running the Online Registers then the latest version must also be installed.
The majority of the TermsASP system is encrypted. This is to ensure a static set of code for updates and support. Some files however are not encrytped and can be modified directly by users. This is due to the necessity of having to modify settings or to give the option for better integration into existing online software.
It is important that these are also kept up to date with the latest security changes, though. In particular the following three ASP code files:
- utils.asp - which holds base functions including those for security (some of which may be user modified)
- appdata.asp - which holds basic variable settings (again, which may be modified)
- login.asp - which is the secure logon procedure for the entire site (which may be modified to integrate into an existing login process)
As these can be user modified, they are not automatically changed during updates, but require direct checking and action by users.
Each web file has the following comment at the top with the Month and Year:
'' GENERATED VERSION: MMMMMMM YYYY
If this is out of date or not present in live code then the state of the security updates cannot be guaranteed and the system may be open to external attacks.