...
- Access is provided via a supported web browser over HTTPS.
- DPOD uses a self-signed certificate and a key (in PEM format) generated during DPOD's installation process. The administrator should replace them with the organization’s certificate.
- Access, functionality and information are subject to Role Based Access Control. The administrator should configure a Lightweight Directory Access Protocol (LDAP)
...
- registry and assign security roles to users and groups.
- Session timeout is set to 60 minutes by default. The user may change this default in /app/ui/MonTier-UI/conf/web.xml and /app/appadmin/MonTier-AppAdmin/conf/web.xml (under the key "session-timeout").
- User lockout (in case of wrong password) is enabled by default. The administrator may configure the number of retries and period of lockout in /app/ui/MonTier-UI/conf/server.xml and /app/appadmin/MonTier-AppAdmin/conf/server.xml (change LockOutRealm parameters as required).
For example: <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="300" cacheSize="1000" cacheRemovalWarningTime="3600"> - Admin users access may be limited by IP address. See Limit Admin Users Access by IP.
- Access log exists and is enabled by default. The administrator may configure its format in /app/ui/MonTier-UI/conf/server.xml and /app/appadmin/MonTier-AppAdmin/conf/server.xml (under the key "access_log").
- Audit log can be enabled. See Web & Admin Consoles Audit Log.