Security settings allow the Administrator to configure security-related options without relying on a Technician's help to resolve security breaches. By configuring the General and Advanced settings, the Administrator can protect the application from various types of vulnerabilities.
Configure account lockout threshold and duration: The Administrator can configure the settings so that, if a user enters wrong credentials 'n' times, the account is locked automatically and the desired message is displayed on the login page. The account can be reset/unlocked within the duration specified. The Administrator can unlock an account by clicking the link provided and choosing 'Unlock'. The pop-up displays the locked accounts with their domain and IP address.
The Administrator can choose to notify the Technicians either through e-mail or as a Technician space notification in the header.
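The threshold-and-duration behaviour described above can be modelled as follows. This is an added illustration, not the product's own code: the class and method names are hypothetical, and the per-(user, domain) counter, the reset on successful login and the automatic expiry after the duration are assumptions.

```python
import time
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    threshold: int     # 'n' wrong attempts before the account locks
    duration_s: int    # how long a lock lasts, in seconds (assumed to expire)
    failures: dict = field(default_factory=dict)  # (user, domain) -> count
    locked: dict = field(default_factory=dict)    # (user, domain) -> (time, ip)

    def is_locked(self, user, domain, now=None):
        now = time.time() if now is None else now
        entry = self.locked.get((user, domain))
        if entry is None:
            return False
        if now - entry[0] >= self.duration_s:  # lock expired: reset the account
            self.unlock(user, domain)
            return False
        return True

    def login(self, user, domain, ip, password_ok, now=None):
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        now = time.time() if now is None else now
        key = (user, domain)
        if self.is_locked(user, domain, now):
            return "locked"  # even a correct password is refused while locked
        if password_ok:
            self.failures.pop(key, None)  # assumed: success clears the counter
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= self.threshold:
            self.locked[key] = (now, ip)  # record when and from which IP
            return "locked"
        return "failed"

    def unlock(self, user, domain):
        """Administrator action: clear the lock and the failure counter."""
        self.locked.pop((user, domain), None)
        self.failures.pop((user, domain), None)

    def locked_accounts(self, now=None):
        """Rows for the administrator's list: user, domain, source IP."""
        now = time.time() if now is None else now
        return [(u, d, ip) for (u, d), (t, ip) in self.locked.items()
                if now - t < self.duration_s]
```

Passing `now` explicitly makes the policy testable without waiting for the lock duration to elapse.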
Server Port and Protocol Configuration:
The Administrator can choose to run the application in HTTP or HTTPS mode.
For HTTP: Specify the default server port on which the application has to run and the NIO port.
For HTTPS: After specifying the server port and NIO port, the Administrator can choose from the listed TLS versions and ciphers, which ensure that data is properly encrypted and so prevent hackers from stealing it.
Configure expiry date for "Keep me signed-in" feature: This allows the Administrator to set the number of days for which a user can be kept signed in to the application. On the expiry date, the user has to re-authenticate by entering the same username and password again. By default, the user has to re-authenticate every 45 days.
Add security response headers: Allows the user to safeguard the application from different types of vulnerabilities by configuring security headers. These headers can prove very useful in protecting against certain types of attacks. Choose the required security response header from the list. You can also include or exclude one or more response headers.
Domain Filtering during Login: When the username is entered during login, the domain is loaded automatically. The Administrator can disable domain filtering and display the entire list of domain names instead. This reduces the probability of the domain name being known.
Stop uploading scanned XMLs via non-login URL: The agent sends scanned XML to the application, and through a non-login URL there is a chance that any other scanned XML data can be uploaded into the application. When this option is enabled, the application does not respond to such unwanted uploads, because proper authentication is required.
The application must be restarted for the saved settings to take effect.