Default Security Configuration
- Navigate to Web Projects Control Panel > Web Security > Security Configuration
- The Framework comes with a pre-configured security configuration. However, you should review those settings and make sure they are right for your application.
- You MUST review the settings under Data Recovery Options (see below).
Some of the more important default settings are:
Security Policy tab
- Security is active.
- A password is required.
- Redirect Page - login: login.a5w
- Redirect Page - insufficient permissions: unauthorized.a5w
- Security Table Type: SQL Database
Login Options tab
- Login username (also called userid) must be an email address.
- Login expiration policy: Expires when current session expires
- Redirect after login: index.a5w
- Ignore return to page after login: True
User ID and Password Options tab
- User ID Configuration: Email Address
- Password encryption: False (you might want to turn this on)
Data Recovery Options tab
- Lost password action: Recover Password
- Data required to recover password: valid email address
- Lost data recovery method: send email to user
- Open Configure email request from user and set the Send To Email. This password recovery option is rarely deployed, but if you do not change this email address, all of your users' password requests will come to me.
Customize Options tab
- Enable external user identifier: False
- Enable component security for virtual pages: True
- Always enforce security at component level for AJAX grids: True
- Ask browser not to cache requests requiring login: True