Versions Compared

Version Old Version 8 New Version Current
Changes made by

Amit Munwes

Amit Munwes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This useful information can be highly confidential. DPOD therefore implements a suite of security functions in order to enable confidentiality and and Role Based Access Control to DPOD's functions and information.

Secure Web Access

...

DPOD has the following features securing web access:

 

  • The Console uses a
Self
  • self-signed certificate and a key (in PEM format) generated during
the
  • DPOD's installation process. The user should replace them with the organization’s certificate.
  Audit
  • Audit log (
Access
  • access log)
-
  • exists and is enabled by default
- You can
  • . The user may configure its format
, It can be done from 
  • in /app/ui/MonTier-UI/conf/server.xml
look for the string:
  • (under the key "access_log
and look for explanation in the comments
  • ").
 

  • Session timeout

- yes (30 min) - session timeout - It can be configured from the config files only . It can be done from 

  • is set to 30 minutes by default. The user may change this default in /app/ui/MonTier-UI/conf/web.xml

- look for the string: session-timeout and look for explanation in the the comments. DOD Lockout - You can

  • (under the key "session-timeout").

  • DOD Lockout is enabled by default. The user may configure the number of retries and period of lockout
from the config files only . It can be done from the file
  • in /app/ui/MonTier-UI/conf/server.
xml change the
  • xml (change LockOutRealm parameters as required).
    For
example 
  • example: <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="300" cacheSize="1000" cacheRemovalWarningTime="3600">
 Limit admin
  • Admin users access
by IP