...
| HTML |
|---|
<p>Within the Windows Registry, right click and select <span class="keyword">New ? String Value</span> and name it <span class="keyword">HighSecurity</span>.</p>
<p> Then, double-click on it and enter the Value of <span class="keyword">True</span>, as shown below:</p>
<img src="http://www.tri-line.com/common/img/documentation/tim_enterprise/HighSecurity.png" alt="HighSecurity Registry value" />
<p>When the <span class="keyword">HighSecurity</span> Registry value is set to <span class="keyword">True</span>, the following restrictions are imposed:-</p>
<ol>
<li> Ability to block individual web scripts by including them in a blacklist file:
<div style="border-width: 1px;" class="code panel"><div class="codeContent panelContent">
<div><div class="syntaxhighlighter java" id="highlighter_500102"><div class="toolbar"><span><a class="toolbar_item command_help help" href="#">?</a></span></div>
<table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td class="gutter"><div class="line number1 index0 alt2">1</div></td><td class="code">
<div title="Hint: double-click to select code" class="container"><div class="line number1 index0 alt2"><code class="java plain">"\ssldata\{class}\blacklist.___"</code></div></div></td></tr>
</tbody></table></div></div>
</div></div>
</li>
<li> Enforce password complexity for web users (additional Registry entries required)</li>
<li> Forbid direct SQL queries through web interface</li>
<li> System alert messages are silently suppressed</li>
<li> System database connection tests forbidden</li>
<li> Ability to (re)create system database tables inhibited</li>
<li> Cannot change or test web (HTTP) port</li>
<li> Cannot send test emails</li>
<li> Debug information suppressed if a XSL translation error occurs</li>
</ol>
<h2>Web interface protocols</h2>
<p>The default behaviour is to allow all protocols TLS1, SSL2 and SSL3.</p>
<p>You can change the type of connection that TIM will respond to by adding the Registry String Value <span class="keyword">WWWSSLProtocol</span>.</p>
<p>Note that this this is a case-insensitive string value with one of the following data values:</p>
<table class="confluenceTable">
<tbody>
<tr>
<th class="confluenceTh" width=166>Registry String data value</th>
<th class="confluenceTh">Description</th>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">nossl</span></td>
<td class="confluenceTd">No SSL protocols, behave like a standard HTTP server</td>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">ssl23</span></td>
<td class="confluenceTd">SSL2 and SSL3 protocols only</td>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">ssl2</span></td>
<td class="confluenceTd">SSL2 protocol only</td>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">ssl3</span></td>
<td class="confluenceTd">SSL3 protocol only</td>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">tls1</span></td>
<td class="confluenceTd">TLS1 protocol only</td>
</tr>
</tbody>
</table>
<h2>Password complexity</h2>
<p>You can configure TIM Enterprise web users with complex passwords to match your organisation's IT password policy.</p>
<p>To enable complex passwords, a Registry String Value <span class="PasswordComplexitykeyword">PasswordComplexity</span> must be added.</p>
<p>The use of the following data string values, allows you to configure how complex the passwords are:</p> |
...
| Note |
|---|
NOTE: The value of "PasswordComplexity" must always be 8 characters, otherwise the policy will not be implemented. The order of each Type pair (Type character and amount character) is not important. |
| HTML |
|---|
<h2>Automatic expiry of Web user passwords</h2>
<p>You can force Web users to change the password after a predetermined age has been set. Note that this is a system wide setting.</p>
<p>The server running TIM Enterprise will email the web user advising
that a password change is required. The web user must have an email
address configured for notification to take place.</p>
<p>If the password is not changed by the expiry date then the account is automatically disabled.</p> |