PURCHASING > Setup System > Security and Password Options > Security Settings
These settings work in conjunction with Application Password Management Settings and Active Directory Password Management Settings to monitor and control access to SpendMap.
You must be a SpendMap System Administrator to use this utility.
Security Settings Screen
After (#) failed login attempts
• This setting can be used to ward off automated attempts to gain access to the system (i.e. hacking in) by cycling through user ID and password combinations. This setting applies whether you are using internal passwords or Active Directory Integration.
• Enter the number of permitted failed login attempts (i.e. when someone tries to log in with an invalid user ID and/or password) and then select an option, below, for what to do when this limit is exceeded. Enter zero (0) to disable this feature and allow an unlimited number of failed login attempts (not recommended).
Consider it a threat when X single IP address failures occur (helps detect IP address spoofing)
• This setting applies to the full Web App and the Mobile Web App.
• This setting attempts to detect IP address spoofing (faking) by allowing for a maximum number of total IP address failures. Once this threshold is reached, a threat notification can be logged (see below).
• Unlike the “Maximum number of failed login attempts” setting, above, which applies to a user attempting to gain access from a single IP address, this setting applies to any IP address. Therefore, this setting will apply if someone is trying to gain unauthorized access by cycling/modifying (i.e. “spoofing”) their IP address in an attempt to get around the “Maximum number of failed login attempts” restriction.
Peer IP addresses for connections to Web App servers
• These IP addresses are permitted to connect to the application server used for the SpendMap Web App. Typically, these would be the IP addresses of the web server(s) that communicate with the application server. If a connection is made to the application server from an IP address that is not included in this setting, the request is denied and the socket is closed.
• If this value is left blank, any peer will be allowed to connect to the application server (assuming proper authentication is provided).
• You can enter multiple IP addresses separated by spaces or on separate lines (they will be reformatted with one IP address per line when saved), but do NOT include spaces within the IP address itself.
• Note: In the case where a peer is connecting via a proxy server, the proxy server’s IP address (and not the end node’s IP address) needs to be entered here.
Peer IP addresses for connections to Mobile Web App server
• Similar to the setting above, these IP addresses are permitted to connect to the application server used for the Mobile Web App. Typically, this would be the Mobile App web server(s).
• If this value is left blank, any peer will be allowed to connect to the mobile web application server (assuming proper authentication is provided).
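The two failed-login thresholds and the peer IP allowlist described above, modelled as an added example (this is not SpendMap code; the exact counting rules SpendMap uses are not documented here, so the per-user/IP lockout counter and the global failure counter are assumptions):

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class SecurityMonitor:
    """Tracks failed logins against the two thresholds on this screen."""
    max_failed_logins: int            # "After (#) failed login attempts"; 0 = unlimited
    ip_failure_threat_threshold: int  # "Consider it a threat when X ... failures occur"
    per_user_ip: Counter = field(default_factory=Counter)
    total_failures: int = 0
    security_log: list = field(default_factory=list)  # stands in for SECURITY.LOG

    def record_failure(self, user_id: str, ip: str) -> set:
        """Register one failed login; return the set of actions it triggers."""
        actions = set()
        self.total_failures += 1
        self.per_user_ip[(user_id, ip)] += 1
        # Lockout is counted per user and source IP (assumed model, not SpendMap's).
        if self.max_failed_logins and self.per_user_ip[(user_id, ip)] == self.max_failed_logins:
            self.security_log.append(f"LOCKOUT {user_id} from {ip} after {self.max_failed_logins} failures")
            actions.add("lockout")
        # The global threshold counts failures from *any* IP, so changing the
        # source address between attempts does not reset it.
        if self.total_failures == self.ip_failure_threat_threshold:
            self.security_log.append(f"THREAT {self.total_failures} total failures (last: {user_id} from {ip})")
            actions.add("threat")
        return actions


def parse_peer_allowlist(setting: str) -> list:
    """Split the peer IP setting on spaces or newlines, one address per entry
    (the screen reformats the saved value to one IP per line)."""
    return setting.split()


def peer_allowed(setting: str, peer_ip: str) -> bool:
    """Blank setting = any peer may connect; otherwise the peer must be listed."""
    allowlist = parse_peer_allowlist(setting)
    return not allowlist or peer_ip in allowlist


if __name__ == "__main__":
    monitor = SecurityMonitor(max_failed_logins=3, ip_failure_threat_threshold=5)
    # Constructed sequence: three failures from one IP, then two more from new IPs.
    for ip in ["10.0.0.1"] * 3 + ["10.0.0.2", "10.0.0.3"]:
        print(ip, monitor.record_failure("alice", ip))
    print("\n".join(monitor.security_log))
```

The third attempt from 10.0.0.1 trips the lockout, and the fifth attempt trips the threat threshold even though the source IP has changed twice.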
Log login/connection failure attempts?
• Check this box to log potential security threats to a text file called SECURITY.LOG in the system’s root folder on the file server. This file can be viewed using the [VIEW LOG] button (you may need to associate the .LOG file extension with a text file viewer like Notepad) or can be viewed externally using any text file viewer. A new log can be started by selecting the [START A NEW LOG] button (i.e. the existing security log will be deleted).
• For security reasons, only general messages are returned to the client. Therefore, to obtain a more accurate error message for connection failures, consult the security log, which lists the actual reason for the failure.
Notify [USER] of possible threats
• In addition to the log described above, you can optionally enter a User ID to receive automatic notifications of possible threats as they are added to the security log (don’t forget to include an e-mail address for the user ID). To reduce the number of messages that are sent, messages are queued in 5-minute intervals before an e-mail notification is sent out.
Allowable file extensions for attachments
• You can optionally specify a list of file extensions that are permitted when uploading attachments into the system.
• If this field is left blank, the following file extensions will be allowed: