Archive for February, 2009

QuickBase Fall 2008 Release Part II

Saturday, February 28th, 2009
If you are a regular QuickBase user, you’ve been hearing a lot about “App Tokens” recently. You received emails, and then on Jan 21, you started seeing a big yellow box on the top of your screen, asking if you wanted to enable them. Here are the basics on app tokens, in a friendly Q and A format.

(We’re not going to dwell on how  to use app tokens. QuickBase has plenty of help on that topic. This is more about whether they are right for you)

Q. First things first. How do you get rid of that yellow box?
A. If you want to enable tokens, click on the button; otherwise click on the X in the upper right corner, and the box will not come back. But read on before you make the decision.

Q. Okay, what is an App Token?
A. Basically, it is a kind of password. It’s a long alphanumeric string, like “9943KD93L0FDO0432MO”. Relax, you don’t need to memorize it. It’s not a password for you - it’s a password for computer programs that connect to your QuickBase application.

Q.  What programs?
A. Well, there might not be any. But lots of people have written programs for QuickBase, and you might be using one without knowing it. These are all programs that connect to QuickBase:

  • Exact Forms
  • The Resource Allocation report in Project Manager
  • Send to QuickBase
  • Data Collaborative’s cascading dropdown utility
  • Quickbase Desktop
  • Any link from QuickBase to Outlook, QuickBooks, Excel, etc.

And there are many more. If you enable App Tokens, these programs will not work until you provide an App Token to the program. The publisher of the program (Intuit or a third party) can give you instructions telling you how.

If you think you are using one or more of these programs, check with your application manager or consultant before turning App Tokens on, to avoid disabling your program.

Some programs, including Exact Forms, do not yet have an upgrade that uses App Tokens. So if you use Exact Forms, do not turn App Tokens on.

Q. That sounds like a lot of trouble. How about if I don’t bother enabling App Tokens?
A. Nice try, but App Tokens plug a QuickBase security vulnerability. Turns out that if someone who uses your application also uses a rogue QuickBase application, the rogue could get access (through “cookies”) to your application. We have not heard of this happening, but it could, and now that this vulnerability has been publicized, someone probably will try.

Q. But my users do not use any other QuickBase applications!
 A. That’s what you think. But you could visit an application without ever seeing a QuickBase screen, or even knowing it. For example, if you are looking at apartments and you browse to an agency that pulls its apartment photos from QuickBase, you have visited that application without ever knowing it.

Q. Last try - My data is not all that important. Do I really need to enable tokens now?
A. No, you don’t have to. But at some point, Intuit will require App Tokens for all applications. No date has been set yet, so you don’t have to do it now. But it’s a good idea now, and at some point, you’ll need to take the leap.

Posted in Articles | No Comments »