<< Click here to display Table of Contents >> Navigation: Exprodo SDM Configuration Guide > Global Preferences:

Security

Contents

The Security tab of the Global Preferences page sets up the items below:

Miscellaneous

GenPrefSecurity

Setting	Description
Browser Allowed To Remember Passwords	Exprodo SDM is configured so that it allows the user's browser to remember their login name and password (if this facility is enabled by each user's browser). Disable this facility at a global level by setting this to false.
Brute Force Password Hacking	This enables or disables protection against brute force password hacking attempts. This should probably always be enabled. The only potential problem with this is that the protection involves disabling logging in from the IP address being used by the hacker. So if there is a hacker on your own network, it's possible that this protection could stop some legitimate users logging in temporarily. This is only ever temporary
Forgotten Login Names/Passwords	Exprodo SDM is configured to allow users to reset their password automatically if forgotton.
On IP Address Change	Exprodo SDM is configured to force a logout if the users IP address changes. Set to Allow session to span IP Address to switch this off.
On Password Change	Exprodo SDM is configured to force users to re-login if they change their password.
User Session Timeout In Minutes	The number of minutes before the users session will timeout.
Minimum Login Name	The minimum number of charcters a login name is allowed to be.
Auto Refresh Delay	The delay in minutes between refreshes for those pages that support them.

IP Address Stability

A user can specify whether to force a logout when an IP address changes. Some networks are configured to change the apparent IP address used by the browser at a regular interval. This change in IP address is treated in Exprodo SDM as a likely hack attempt and so automatically logs users out when the same session is used from multiple IP addresses. This can now optionally be disabled for networks that normally have unstable IP addresses.

Password Content

This provides control of the content of passwords that people are allowed to use.

GenPrefSecPassword

Setting	Description
Minimum Password Length	This specifies how many characters must be in each password. A user will not be able to set a password that is shorter than this setting.
Have a Been Pwned Threshold.	This specifies the threshold of how many times the password has been exposed before rejection.
Require lower case characters	Specifies whether passwords must include lower case characters.
Require upper case characters	Specifies whether passwords must include upper case characters.
Require numbers	Specifies whether passwords must include numbers.
Require non-alphanumerics	Specifies whether passwords must include characters that are not numbers or letters.

Passwords are prevented from containing identifying information. Specifically, we prevent passwords from containing:

•given name, family name, middle name

•login name, login identifier

•"exprodo", "calpendo"