Web application attacks are constantly evolving. With data being such a valuable asset, it is crucial to keep system security updated to avoid losses. The new security module, besides being extremely flexible and intuitive, implements several security features and best practices, making the system much more robust against these attacks.
In this article, we will learn how to migrate from the old security module to the new one, taking advantage of all these benefits.
What is required?
Before we can carry out the migration, we need to prepare the old module to receive updates because, as mentioned earlier, the new module implements several improvements and features that were not present in the old one. To do this, we will need to modify the “sec_users” table created by the module.

By default, tables created by the security module have the prefix "sec_" and are located in the "Security" directory of the project.
Modifying the sec_users Table

The Database builder is not available for all DBMS. It is possible to make the same changes using any tool that allows database management — such as Dbeaver, for example.
1. Access the database builder via Database → Database builder:
2. Look for the “SQL command” option:
- Execute the SQL Alter table command to add the fields “role,” “phone,” “pswd_last_updated,” and “mfa_last_updated” to the sec_users table
Note that “role” and “phone” will be of type TEXT, while “pswd_last_updated” and “mfa_last_updated” will be of type TIMESTAMP. It is important to select the appropriate data type according to your DBMS — like Varchar and TIMESTAMP for MySQL, for example.
1. ALTER TABLE sec_users ADD COLUMN phone TEXT NULL DEFAULT NULL;
2. ALTER TABLE sec_users ADD COLUMN role TEXT NULL DEFAULT NULL;
3. ALTER TABLE sec_users ADD COLUMN pswd_last_updated TIMESTAMP NULL DEFAULT NULL;
4. ALTER TABLE sec_users ADD COLUMN mfa_last_updated TIMESTAMP NULL DEFAULT NULL;
Migrating to the New Security Module
Once the modification to the sec_users table is complete, you can proceed with the migration to the new security module:
1. Access Modules → Security
2. Click on “Create security module”:
3. Select the type of security that will be used:
It is important that the security type of the new module matches the old one.
- Select the connection that contains the tables from the old module and check the “Use existing tables” option
5. Click the reload button “↻” to Scriptcase can see the changes in the table and click “Next”
- Associate the fields with the corresponding columns and click “Next”:
USER:
- Table → sec_users
- Login → login
- Password → pswd
- Name → name
- Phone → phone
- Position → role
- E-mail → email
- Active → active
- Activation code → activation_code
- Administrator privilege → priv_admin
- Two-Factor authentication (2FA) → mfa
- Picture → picture
- Last password change → pswd_last_updated
- Revalidation time → mfa_last_updated
GROUP:
- Table → sec_groups
- ID → group_id
- Description → description
APPLICATION:
- Table → sec_apps
- Application Name → app_name
- Description → description
- Type of Application → app_type
USER/GROUP:
- Table → sec_users_groups
- Login → login
- Group Code → group_id
GROUP/APPLICATION:
- Table → sec_groups_apps
- Group Code → group_id
- Application Name → app_name
- Access Privilege → priv_access
- Insert Privilege → priv_insert
- Delete Privilege → priv_delete
- Update Privilege → priv_update
- Export Privilege → priv_export
- Print Privilege → priv_print
SETTINGS:
- Table → sec_settings
- Name → set_name
- Value → set_value
7. Choose the prefix for the new module’s applications.
8. Fill in the “Email Settings” tab and click on “Generate security”
9. The option to save the profile is optional — you can read more about it in the documentation of the new security module. Click “OK”.
- Generate the source code for the new applications.
Conclusion
In this article, we learned about the importance of keeping the security of a project updated, the differences between the old and new security modules, and how to migrate from one to the other.
For questions related to the old module and its functionalities, refer to the documentation of the old security module.
For questions related to the new module, refer to the official documentation of the new security module.
