Security

This section allows configuring overall security settings for the application. You can enable/disable several security procedures, set a password policy, allow/deny uploading specific file types and configure time stamp server information on this page.

Details

SSL Options

This subsection allows setting SSL options.


Force SSL?

Forces connections to use the SSL protocol. When checked, all non-SSL (HTTP) connections are automatically redirected to SSL (HTTPS).

Certificate Password

SSL certificate password. Not required if no SSL certificate is added.

Certificate

Copy/paste your certificate content into this area. The certificate must be in PFX format and the password must be set.

For mobile devices, make sure that the whole certificate chain (the SSL certificate and its parent issuer certificates) is stored in the PFX file. Otherwise some mobile devices cannot validate the SSL certificate and you may see validation errors in the device browser.

General Settings


Single Session

Restricts users to a single session at a time. When this feature is enabled, users cannot log into the application from more than one computer at the same time.

Use Session Cookie

Specify whether the session cookie is used or not.

By default, emakin uses local storage and cookies at the same time to prevent XSS and CSRF attacks. Both tokens must correlate with each other for the session to be considered valid.

Some browsers (especially in do-not-track mode) may refuse to store any kind of cookie for privacy reasons. In this mode, emakin logins may fail. Enabling this setting disables all cookie usage and stores all session information in the browser’s local storage area.

Login Token Expiration

Specifies the maximum lifetime of login tokens. These tokens are mainly used for e-mail or integration-based authentication. After this period the login token becomes invalid and cannot be used.

For example, the “I Forget Password” feature uses this duration: the generated e-mail authentication link is valid only for the configured period.

Bearer Token Expiration

Specifies the session duration. These tokens are used for session control and are renewed automatically in the background when they are about to expire.

Authentication Storage

Specifies where to store generated bearer tokens in the browser.

Local Storage: sessions are kept until the user logs off or the session expires.

Session Storage: sessions are terminated when the browser window is closed.

Audit Log

Retention Duration

Specifies the retention period for audit log entries stored in the database. Default value is 180 days.

Password Policy

Enforce a password policy for built-in authentication with Emakin login method.

Minimum Password Length

Specify the minimum password length required.

Minimum Upper Case (A..Z) Letters

Specify the minimum number of upper case letters required.

Minimum Numeric (0..9) Letters

Specify the minimum number of numeric characters (digits) required.

Minimum Lower Case (a..z) Letters

Specify the minimum number of lower case letters required.

Required Chars

Enter specific characters to be required in the password.
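The following is an added example (not emakin's own code) of how the five Password Policy settings above combine into a single check. The class and function names are this example's own, not emakin configuration keys. It deliberately counts only the ASCII ranges the settings name (A..Z, a..z, 0..9) rather than using Python's locale-aware str.isupper(), so a non-ASCII letter such as “Ä” does not satisfy the upper-case requirement; whether emakin itself behaves that way is not stated on this page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Mirrors the Password Policy settings; field names are this example's own."""
    min_length: int = 8
    min_upper: int = 1      # Minimum Upper Case (A..Z) Letters
    min_digits: int = 1     # Minimum Numeric (0..9) Letters
    min_lower: int = 1      # Minimum Lower Case (a..z) Letters
    required_chars: str = ""  # Required Chars: every character listed must appear


def _count_in_range(text: str, low: str, high: str) -> int:
    """Count characters within an inclusive ASCII range, e.g. 'A'..'Z'."""
    return sum(1 for c in text if low <= c <= high)


def check_password(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the list of rules the password violates; an empty list means accepted."""
    violations: list[str] = []

    if len(password) < policy.min_length:
        violations.append(f"length {len(password)} is below minimum {policy.min_length}")

    upper = _count_in_range(password, "A", "Z")
    lower = _count_in_range(password, "a", "z")
    digits = _count_in_range(password, "0", "9")

    if upper < policy.min_upper:
        violations.append(f"{upper} upper case letters, {policy.min_upper} required")
    if lower < policy.min_lower:
        violations.append(f"{lower} lower case letters, {policy.min_lower} required")
    if digits < policy.min_digits:
        violations.append(f"{digits} digits, {policy.min_digits} required")

    missing = [c for c in policy.required_chars if c not in password]
    if missing:
        violations.append("missing required characters: " + "".join(missing))

    return violations


if __name__ == "__main__":
    # Constructed sample policy and candidates, for illustration only.
    policy = PasswordPolicy(min_length=10, min_upper=1, min_digits=2,
                            min_lower=1, required_chars="#")
    for candidate in ("Correct#Horse42", "password", "Ärger#12345"):
        print(candidate, "->", check_password(candidate, policy) or "accepted")
```

Returning the full list of violations, rather than stopping at the first one, lets the login form tell the user everything that needs fixing in one round trip.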

Files

Antivirus Service URL

Specifies the antivirus scanner service URL.

Currently only ClamAV (https://www.clamav.net/) is supported. An example service URL is “tcp://hostname:3310”.

The antivirus definition database is updated from https://database.clamav.net. Make sure ClamAV can reach this address before enabling the service.

Allowed File Types

Allow/deny specific file types to control which files can be uploaded into the application. Use this section carefully: adding a file type to the allow list permits only the listed types and denies every other type, while adding a file type to the deny list blocks the listed types and allows every other type.

Extension

Specify the extension of the file type you want to allow/deny.

Mime Type

Specify the mime type of the file type you want to allow/deny.

If not configured, emakin denies the following file types by default:

htm
html
exe
dll
asp
aspx
php
bat
cmd
sh
cgi
js
app
jar
vb
vbs
wsf
wsc
wsh
jsp
htaccess
lnk
url

text/html
image/svg+xml
application/vnd.wap.xhtml+xml
application/x-xpinstall
application/x-shockwave-flash
application/javascript
application/x-bsh
application/x-sh
application/x-shar
text/x-script.sh
text/php
text/x-php
application/php
application/x-php
application/x-httpd-php
application/x-httpd-php-source
application/x-dosexec
application/x-msdownload
application/exe
application/x-exe
application/dos-exe
vms/exe
application/x-winexe
application/msdos-windows
application/x-msdos-program

Time Stamping

This section allows setting timestamp server connection information to be used with e-signature applications (e.g. Kolay İmza).

TimeStamp Url

URL of the timestamp server.

Timestamp Server User

Username used to authenticate with the timestamp server.

Timestamp Server Password

Password used to authenticate with the timestamp server.

Copyright © 2010 - 2023 Emakin. All rights reserved.