Posts Tagged: v4.33

Schedule regular Security Audits

You may not know, but MIDAS includes a built-in “Security Audit” tool.

This allows you to perform a quick and on-demand security analysis of your MIDAS system.

Perform a detailed Security Audit of your MIDAS room booking system
Perform a detailed Security Audit of your MIDAS room booking system

First introduced with the release of MIDAS v4.13 in 2016, the “Security Audit” tool tests a number of key metrics of your MIDAS booking system.

The audit checks your MySQL / MariaDB setup, MIDAS files, and recommended MIDAS security settings.

It provides a detailed report with appropriate advisories for hardening the security of your MIDAS system.

When the Security Audit was first introduced, it analyzed 15 metrics. Today, that number has increased to over 20.

For MIDAS v4.33, the audit now additionally also…

  • Indicates the number of recently failed login attempts to your MIDAS system.
  • Checks whether Geofenced logins have been enabled.

But the biggest improvement to Security Audits for MIDAS v4.33 is the ability to schedule regular automated security audits.

Until now, a Security Audit could only be manually initiated (via MIDAS Admin Options → Manage MIDAS → Security → Perform a Security Audit)

From MIDAS v4.33, you can now use Scheduled Tasks to automatically run a Security Audit and email you the results. Audits can be configured to run every 7, 14, 30, 60, or 90 days.

Schedule automated security audits of your MIDAS booking system
Schedule automated security audits of your MIDAS booking system

Geolocation and Geofencing

We’re excited to announce Geolocation and Geofencing support for our MIDAS room and resource scheduling software.

What is Geolocation?

Geolocation support in MIDAS room booking systems

Geolocation is the process of determining the geographic location of a user’s device. It is used in a variety of applications, such as mapping, navigation, and weather forecasting. A device’s location can be determined using a variety of methods, including GPS, cell tower triangulation, and IP address location.

IP address geolocation is a method of determining the position in the world of an IP address. This can be done by using a variety of methods, including:

  • Reverse DNS lookup: This method involves looking up the IP address in a DNS database to determine the name of the domain that is associated with the IP address. The domain name can then be used to determine the geographic location of the server that hosts the domain.
  • Geolocation databases: These databases contain information about the geographic location of IP addresses. This information is typically collected from a variety of sources, such as ISPs and network operators.

It is important to note that IP address geolocation is not always accurate. The accuracy of IP address geolocation depends on a variety of factors. These include the quality of the geolocation database and the method that is used to determine the geographic location of the IP address.

What is Geofencing?

Geofencing is an extension of geolocation. Once a device’s geographic location can be determined through geolocation, “Geofencing” can be used by a website or application to ensure that devices outside of an authorized area are denied access.

IP geofencing works by creating a virtual radius at a set distance around a fixed point on the globe. By comparing the latitude and longitude coordinates of a user’s device, with this fixed point, the distance between them can be calculated. This calculation will determine whether the user’s device falls within the set virtual radius.

Access form any device which falls outside of a set radius of the central fixed location can then be blocked.

Geolocation applications within MIDAS

Initially, there are two main areas within our booking software where geolocation information can be shown.

First, is the Recent Activity Log. This audit log in MIDAS records all user activity and actions taking place in your booking system. Each entry in the log is time-stamped, and shows the user account and IP address which performed the action.

From MIDAS v4.33, the optional Geolocation addon can be configured to allow location information to be shown for IP addresses in the Recent Activity Log. This location information includes the city, region, and country that the IP address resides in.

The second application for geolocation in MIDAS accompanies the unfamiliar login notifications feature.

The unfamiliar login notifications feature alerts users when their account is signed in to from a new device or location.

These notifications typically include details of the user’s device / browser and their IP address.

Geolocation support now means that you can optionally configure these notifications to now also include the city, region, and country that the login occurred from.

Geofencing applications within MIDAS

Building on the new geolocation support, Geofencing can be used to further enhance the security of your MIDAS system.

It can be used to restrict account logins to certain countries. For example, if your organization only has offices within the United States and the United Kingdom, your colleagues are typically likely to only need to login to MIDAS from within either the US or the UK. You can use geofencing to block any login attempts originating from countries other than the US or the UK.

Restrict MIDAS logins to certain countries
Restrict MIDAS logins to certain countries

Geofencing can additionally (or alternatively) also restrict account logins to within a certain distance from your location. For example, if you run a radio station in Manchester, UK, you could restrict logins to your MIDAS system to within say a 10 mile radius of Manchester.

Restrict MIDAS logins to within a radius of a set geographic location
Restrict MIDAS logins to within a radius of a set geographic location

How to enable Geolocation or Geofencing in MIDAS

The new Geolocation and Geofencing features are available for MIDAS v4.33 (or later) via our optional Geolocation addon.

Existing customers with active subscriptions can obtain this addon via

If you’re new to MIDAS, you can subscribe with the Geolocation addon via

Geolocation data accuracy

The accuracy of IP geolocation data depends on a number of factors, including the quality and freshness of the geolocation database, the method that is used to determine the geographic location of the IP address, and the type of IP address.

The IP geolocation data we use in the Geolocation addon for MIDAS is never more than 30 days old.

In general, IP geolocation data is most accurate for large geographic areas, such as countries or states. It can become less accurate for smaller geographic areas, such as cities or neighborhoods.

That’s why if you use the distance based geofence features of the Geolocation addon, you should always set a larger liberal distance than necessary, rather than a very small strict distance from your location. The Geolocation addon does include an instant IP lookup test tool, so you can check IP distances before you apply them.

The Geolocation addon also includes “fallback” options for both country / distance geofence enforcement. For IP addresses where a country and/or latitude and longitude coordinates cannot be determined, you can configure MIDAS to either block or allow these connections.

It’s also worth noting that the accuracy of IP geolocation data can be affected by the use of proxy servers and VPNs. Proxy servers and VPNs can mask the true IP address of a device, making it difficult to determine the device’s geographic location.

Our MIDAS room and resource scheduling software is available in two editions, a “cloud-hosted” edition and a “self-hosted” edition.

These days, around two thirds of our customers opt for our cloud-hosted edition. Despite this, we’re still very much committed though to offering and supporting a self-hosted edition too.

Now, one of the challenges in developing a web-based application like MIDAS is that it relies on 3rd party components.

For example, to run a web based application, you first need a web server that supports the coding language the web application is written in. You also need a database server to store data for the application.

Countless combinations

Web servers first and foremost need an operating system (like Windows or Linux). They also require underlaying web server software – such as Apache or IIS – to name just two. There are of course numerous operating systems and server software, with different variations and configurations of each.

MIDAS is written in Perl. There are a number of different “flavors” of Perl for different operating systems. For example, on Windows servers both ActivePerl and Strawberry Perl are available.

Finally database servers; MIDAS currently supports MySQL and MariaDB databases, and different versions of each of these.

Here at MIDAS HQ, we have test MIDAS systems running on a range of common setups. However, it would be virtually impossible for us to test our software on every conceivable combination of Operating System, Web Server, Perl, and Database versions.

Although rare, if a self-hosted customer encounters an issue with our software on their particular setup, we’re usually able to replicate it in our labs and provide a solution.

Very occasionally though a self-hosted customer encounters an issue which we’re not able to readily identify and reproduce.

As we (rightly) don’t have access to self-hosted customer’s own servers, this can make troubleshooting challenging.

It can be even more challenging if the self-hosted customer (or their IT provider) is not especially server-savvy. For instance, we may occasionally request files from a customer to aid in our troubleshooting…

A real-world example

In a recent support request, a self-hosted customer encountered an issue after updating their MIDAS system. We weren’t able to immediately replicate this in our testing, and so we requested additional information from the customer. The customer had to contact their IT supplier for assistance in retrieving these files from their MIDAS. Their IT supplier was slow in providing the requested information, which we didn’t receive for a couple of weeks.

Once in receipt of the additional information, however, we were able to identify and resolve the issue within a couple of hours. The customer though was understandably frustrated that it had taken two weeks to resolve (due to the delay with their IT supplier).

As a result of this, we decided to take steps to make it easier for us to support self-hosted customers in the future.

Helping us to help you!

So starting with MIDAS v4.33, there’s now an option for a self-hosted customer to send us diagnostic information directly from within their MIDAS system. This bypasses situations where a customer may have to contact or raise a ticket with their external IT support/provider in order for us to assist them.

If you run into an issue with your self-hosted MIDAS system, our support team may provide you with a “Support Code”. Simply login to your MIDAS system and go to MIDAS Admin Options → Manage MIDAS → Database → Database Tools, and select “Send Support Bundle”.

Easily send diagnostic data to the MIDAS support team
Easily send diagnostic data to the MIDAS support team

You’ll be prompted to enter your Support Code before clicking the “Send Support Bundle to MIDAS” button. Your MIDAS system will then self-generate diagnostic information. This information is then securely sent to our support team for further analysis.

The following data is included within the support bundle that’s securely transmitted to MIDAS HQ:

  • A copy of the program files which make up your MIDAS system
  • A copy of the settings file for your MIDAS system
  • A copy of your MIDAS database
  • A copy of any MIDAS debug logs
  • Information on your server setup

This diagnostic data can really aid our support team speed up the diagnosis of the potential issue you’re having with your self-hosted MIDAS system.