...
This useful information can be highly confidential. DPOD therefore implements a suite of security functions in order to enable confidentiality and and Role Based Access Control to DPOD's functions and information.
Secure Web Access
Access to DPOD's Web Console is provided via a supported web browser over HTTPS (SSL).
The Console uses a Self signed certificate and key (in PEM format) generated during the DPOD installation process.
The user should replace them with the organization’s certificate.
Audit log (Access log ) - exists and enabled by default - can config format.. Can be done from /app/ui/MonTier-UI/conf/server.xml look for string: access_log and look for explanation in comments.
Session timeout - yes (30 min) - session timeout - can be configured from files only . Can be done from /app/ui/MonTier-UI/conf/web.xml - lookfor string: session-timeout and look for explanation in comments.
- DOD Lockout - You can config number of retry and period of lockout from files only . Can be done from file /app/ui/MonTier-UI/conf/server.xml change the LockOutRealm as required.For example <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="300" cacheSize="1000" cacheRemovalWarningTime="3600">