Configuration Manager - Security
The "Security" menu contains a variety of settings available to further harden security at an application level. Having these settings configurable provides flexibility in certain areas where imc customers may have differing requirements for functionality compared with security.
Description
Setting | What does the setting do? |
---|---|
Allow symbolic links | Defines whether file download is allowed to follow symbolic links on the installation or not. |
Password hash algorithm | Defines the hash algorithm which should be used for password hashing. |
Enable CORS domain restriction | Defines whether the CORS filter is active or not. |
CORS domain restriction | Defines the value of the "Access-Control-Allow-Origin" security header if the CORS (cross-origin resource sharing) filter is active. (The current restriction apparently is /data/client_design/*; see web.xml.) |
Registration mails editing | Defines whether registration mails can be edited or not. |
Skip sanitizing system texts with confirmation | Defines whether the sanitizer can bypass system texts or not. |
Enable encryption of ID’s | Defines whether IDs (e.g. person IDs) should be encrypted in certain areas of the application. |
Sanitize request | Activates request sanitisation to protect the system against malicious user input. |
Encryption key | |
Initialization vector | |
Encryption life time in minutes | |
Protection mechanism against CSV injection | |
Protection mechanism for profile page objects | Protection mechanism for profile page objects so that not everyone can see all profile pages and all profile attributes. It binds access to the object ACLs on profile pages. When this is used, ACL rights must be granted in the backend on the corresponding profile pages. |
Supported Link media URL protocols | Defines the list of protocols that should be allowed for accessing link media elements via the course room or direct deep-links to media details page for media assigned in courses. |
Only allow "root relative" urls in navigation requests (e.g. /ilp/ ) | Checks if the "redirect_uri" parameter in REST-API navigation requests is root-relative (e.g. /ilp/). This setting is off by default, as some systems might still have old absolute values in the application.properties/ilp.publicurl parameter and need to be updated first. |
Denial of access: Active | When active, a user is locked out when trying to log in multiple times with the wrong password. |
Denial of access: Duration | Duration of the denial of access (in seconds). 0: The time for the denial of access is unlimited and must be reversed manually. |
Number of attempts | Number of consecutive registration attempts allowed before denial of access is activated. |
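
The root-relative check described for the "redirect_uri" setting in the table above, sketched as an added example (not imc's implementation). The function names, the fallback behaviour and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/ilp/"  # assumed fallback, taken from the example path in the table


def is_root_relative(redirect_uri: str) -> bool:
    """True only for targets that stay on the current origin, e.g. /ilp/."""
    if not redirect_uri or not redirect_uri.startswith("/"):
        return False  # empty, absolute ("https://...") or path-relative ("ilp/")
    # "//host" is protocol-relative, and browsers treat "\" like "/".
    if redirect_uri.startswith("//") or "\\" in redirect_uri:
        return False
    # Browsers strip tab/CR/LF before parsing, so "/\t/host" would become "//host".
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in redirect_uri):
        return False
    parts = urlsplit(redirect_uri)
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(redirect_uri: str, fallback: str = DEFAULT_TARGET) -> str:
    """Return the requested target if it is root-relative, otherwise the fallback."""
    return redirect_uri if is_root_relative(redirect_uri) else fallback


# Constructed sample values (not taken from a real system).
SAMPLES = {
    "/ilp/": True,
    "/ilp/pages/catalog?id=42#top": True,
    "https://lms.example.com/ilp/": False,  # old absolute ilp.publicurl-style value
    "//other.example/ilp/": False,
    "/\\other.example/ilp/": False,
    "ilp/": False,
    "/\t/other.example": False,
    "": False,
}

if __name__ == "__main__":
    for value, expected in SAMPLES.items():
        result = is_root_relative(value)
        print(f"{value!r:40} root-relative={result} (expected {expected})")
```

The rejected absolute value shows why the setting is off by default: a system whose ilp.publicurl still holds an absolute URL would fail the check until that value is updated.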
Other security settings
Configuration Manager - Client | Access and security