When Specify is launched it automatically checks for updates and allows the user to choose to download and install the update, then provides a login mechanism.
Application security for Specify 6 has a few layers. First, Specify uses a "Master" account (username and password), which is the only account with access permission to the underlying database manager (MySQL or MariaDB). Second, Specify uses specific User account credentials (username and password), that enables individual access to the Specify application. Specify uses only one Master username and password for all users, but encrypts the Master password with the User credential information, creating an encrypted string, or key. This allows the Master account information to be encrypted and uniquefor each user account.
Some setup and database administration tasks in Specify, such as creating new Disciplines or Divisions, require a third password, what is referred to as the "IT User" or "IT" password. The IT account and password is used to login directly to the underlying database manager (MySQL or MariaDB). The account has full administrator privileges within the database manager and is typically referred to as a 'root' account, and was created when the database manager was originally installed. When a database administrator makes changes to the Specify database schema, the Specify "IT Account" enables root-level access to the MySQL or MariaDB data manager. IT user account credentials are required whenever there is a published update to Specify that modifies or extends the underlying database structure (schema) of the database. Not all updates modify the database schema but many do and the IT user account credentials are required in those cases.
In review, there are four (4) different types of credentials in Specify:
- User username and User password
- Master username and Master password
- Master Key, (Encrypted username / password )
- IT username and IT password (used to gain access to the MySQL database manager)
Starting Specify for the First Time
The very first time a user is required to login to Specify they will need to know their User username and password as well as their Encryption Key. An Encryption Key can be created from within the Login tool; however, it requires that the user know the Master username and password to create a new key.
The User credentials are stored on the user's machine. This allows the Login tool to automatically fill in the Username and Encryption Key for previous users. When opening Specify the username will be pre-filled with the username last user to open Specify.
If you are accessing Specify on a new computer you will be required to fill in your User username and password as well as a valid Encryption Key, just as you did when logging into Specify for the first time.
The login process includes dialog windows for entering all types of login information.
Users with an existing Username and Password can simply login using the correct fields.
Users that are logging in for the first time, or wish to login to a different database than they were previously using must click theMore Information button.
Expanded Login Dialog
When the Specify database is created using the Specify Wizard the Database and Server information should be included in the dialog. If the database and server information is not included in the dialog you may type them into the drop-down menu box. If you do not know the name of your database or server and you are running Specify on a local machine please consult your IT administrator. If more than one database and server are available the dialog will list all the choices for both.
If you are accessing a remote server, you will need to fill in the Database and Server name (this can be an IP address if the IP is 'Static').
Users wishing to configure their server and firewall to use a Port other than the default (3306) port may do so and type the new port number into the box provided. If your port has not been reconfigured for a specific port the default port is 3306.
Dialog for creating the Encryption Key
The Master Source information refers to the location that the encryption is stored. At this time Specify does not support obtaining an encryption key from a web service, so choose Encryption key stored in local preferences.
Encrypted Username / Password refers to the Encryption Key, or string that results when the Master username and password are Encrypted using the User username and password. This can be created by the IT administrator when a new user is created in the Specify application and then given to the user, or it can be created by clicking the Generate Master ... button.
Creating the Encryption Key
Type in the information for both the User and Master credentials click the Generate button. The Show Password button can be used to turn off the encryption characters and show the actual textual password information.
The encrypted Master Username and Password now appears in the Encrypted box.
Completed Login Dialog
The first login dialog is now presented. Click the Login button to complete the process.