Difference between revisions of "Setup Security"
m Tag: 2017 source edit |
m Tag: 2017 source edit |
||
| Line 12: | Line 12: | ||
'''Menu Path''': Home ► Setup ► Security | '''Menu Path''': Home ► Setup ► Security | ||
| + | |||
| + | [[File:Security setup EN.png|alt=Security setup|thumb|Security setup]] | ||
Security setup change technical and functional behaviour. | Security setup change technical and functional behaviour. | ||
| − | In this page you can setup | + | In this page you can setup : |
| + | * CAPTCHA on login page, advance permissions, Session time out | ||
| + | * Passwords security | ||
| + | * Files Upload | ||
| + | * External/Internet Access | ||
| + | * Audit | ||
| + | * Default Permissions | ||
| − | * | + | =Miscellaneous= |
| − | * | + | On this tab, you can setup : |
| − | * | + | * Use graphical code (CAPTCHA) on login page (Yes or No) : On login page, CAPTCHA will be required each time a user would like to login |
| + | * Use the advanced permissions of some modules (Yes or No) : Some modules give advanced permissions to have more granularity. | ||
| + | * Time out for session : User sessions will be labeled as "to be deleted" after this time. The deletion of the PHP Session is handled by the system and depend on where Dolibarr is installed. | ||
| + | =Passwords= | ||
| + | ==Rules to generate and validate passwords== | ||
| + | You can select one of the three implemented rules for the passwords validation : | ||
| + | * '''Perso ''': Define by yourself the rules to be followed in the "Password pattern description" section | ||
| + | * '''None ''': Users can do what they want : [[File:Warning.png]] Not recommanded at all ! | ||
| + | * '''Standard''' : 8 characters containing shared numbers and characters in lowercase. | ||
| + | To activate one rule, click on the "Activate" link. | ||
| − | == | + | ==Parameters== |
| − | + | Three additional parameters : | |
| − | + | * Encrypt passwords stored in database (NOT as plain-text). It is strongly recommended to activate this option. | |
| + | * Encrypt database password stored in conf.php. It is strongly recommended to activate this option. | ||
| + | * Do not show the "Password Forgotten" link on the Login page | ||
| − | == | + | =Files Upload= |
| − | + | Four parameters available : | |
| + | * Maximum size for uploaded files (0 to disallow any upload) : Size in kb.<br /> | ||
| + | <u>Note:</u> your PHP configuration also define limits, irrespective of the value of this parameter. | ||
| + | * UMask parameter for new files on Unix/Linux/BSD/Mac file system (0664 by default) | ||
| + | * Full path to antivirus command (to analyse uploaded files) <br /> | ||
| + | Example for ClamWin: c:\\Progra~1\\ClamWin\\bin\\clamscan.exe<br /> | ||
| + | Example for ClamAv: /usr/bin/clamscan | ||
| + | * More parameters on command line<br /> | ||
| + | Example for ClamWin: --database="C:\\Program Files (x86)\\ClamWin\\lib" | ||
| + | <br /> | ||
| + | Then you have the Form to test file upload (according to setup) | ||
| − | == | + | =External/Internet Access= |
| − | + | ==Timeout== | |
| + | Two timeouts can be set for external sites : | ||
| + | * Connection timeout in seconds | ||
| + | * Response timeout in seconds | ||
| + | ==Proxy== | ||
| + | If Dolibarr need to go throu proxy to access to internet, fill the information here. Note: This point is not directly linked to setup of your internet browser, it's only used to allow to Dolibarr to access to internet for some rare resources like RSS feed or external news feed from the server.<br /> | ||
| + | First put the field "Use a proxy server (otherwise access is direct to the internet)" to "Yes". Then enter the four fields below : | ||
| + | * Proxy server: Name/Address | ||
| + | * Proxy server: Port | ||
| + | * Proxy server: Login/User | ||
| + | * Proxy server: Password | ||
| − | + | =Audit= | |
| − | Setup Audit trail activation. detail can be seen in | + | Setup Audit trail activation. detail can be seen in Admin tools->Audit |
| − | ==Default | + | ==Default Permissions== |
| − | Default | + | Default permissions are right that will be automatically grant to all new user, they do not affect existing one. |
| − | For each modules (internal or external) you have to | + | For each modules (internal or external) you have to authorize read, edit, delete right. Some module can have more right to define. |
| − | To give a right, change it click on the plus (+) sign, or | + | To give a right, change it click on the plus (+) sign, or click on minus (-) to remove it. |
| − | Be | + | Be careful, this screen allow to set default rules, for all new users. To set it with more accuracy, go to User->right screen, you can create security group and affect it to users. The inherit right will appears as "inherited" right and cannot be change. |
Revision as of 10:02, 8 June 2020
Help About Screen: Security Setup
Menu Path: Home ► Setup ► Security
Security setup change technical and functional behaviour. In this page you can setup :
- CAPTCHA on login page, advance permissions, Session time out
- Passwords security
- Files Upload
- External/Internet Access
- Audit
- Default Permissions
Miscellaneous
On this tab, you can setup :
- Use graphical code (CAPTCHA) on login page (Yes or No) : On login page, CAPTCHA will be required each time a user would like to login
- Use the advanced permissions of some modules (Yes or No) : Some modules give advanced permissions to have more granularity.
- Time out for session : User sessions will be labeled as "to be deleted" after this time. The deletion of the PHP Session is handled by the system and depend on where Dolibarr is installed.
Passwords
Rules to generate and validate passwords
You can select one of the three implemented rules for the passwords validation :
- Perso : Define by yourself the rules to be followed in the "Password pattern description" section
- None : Users can do what they want :
Not recommanded at all ! - Standard : 8 characters containing shared numbers and characters in lowercase.
To activate one rule, click on the "Activate" link.
Parameters
Three additional parameters :
- Encrypt passwords stored in database (NOT as plain-text). It is strongly recommended to activate this option.
- Encrypt database password stored in conf.php. It is strongly recommended to activate this option.
- Do not show the "Password Forgotten" link on the Login page
Files Upload
Four parameters available :
- Maximum size for uploaded files (0 to disallow any upload) : Size in kb.
Note: your PHP configuration also define limits, irrespective of the value of this parameter.
- UMask parameter for new files on Unix/Linux/BSD/Mac file system (0664 by default)
- Full path to antivirus command (to analyse uploaded files)
Example for ClamWin: c:\\Progra~1\\ClamWin\\bin\\clamscan.exe
Example for ClamAv: /usr/bin/clamscan
- More parameters on command line
Example for ClamWin: --database="C:\\Program Files (x86)\\ClamWin\\lib"
Then you have the Form to test file upload (according to setup)
External/Internet Access
Timeout
Two timeouts can be set for external sites :
- Connection timeout in seconds
- Response timeout in seconds
Proxy
If Dolibarr need to go throu proxy to access to internet, fill the information here. Note: This point is not directly linked to setup of your internet browser, it's only used to allow to Dolibarr to access to internet for some rare resources like RSS feed or external news feed from the server.
First put the field "Use a proxy server (otherwise access is direct to the internet)" to "Yes". Then enter the four fields below :
- Proxy server: Name/Address
- Proxy server: Port
- Proxy server: Login/User
- Proxy server: Password
Audit
Setup Audit trail activation. detail can be seen in Admin tools->Audit
Default Permissions
Default permissions are right that will be automatically grant to all new user, they do not affect existing one. For each modules (internal or external) you have to authorize read, edit, delete right. Some module can have more right to define. To give a right, change it click on the plus (+) sign, or click on minus (-) to remove it.
Be careful, this screen allow to set default rules, for all new users. To set it with more accuracy, go to User->right screen, you can create security group and affect it to users. The inherit right will appears as "inherited" right and cannot be change.