Security¶
Security contains the host-wide security controls for SSL behavior, session handling, audit retention, password policies, upload restrictions, time-stamping services, and data encryption.
Use this page when you need to change security defaults that affect the whole application.
SSL Options¶
Force SSL?¶
Redirects non-SSL traffic to HTTPS and enforces secure access.
Certificate Password¶
Required when a certificate has been provided and that certificate is password-protected.
Certificate¶
Stores the SSL certificate in PFX format.
Warning: The documentation states that the full certificate chain should be packaged in the PFX file for best mobile compatibility.
User Sessions¶
Single Session¶
Restricts users to one active session at a time.
Use Session Cookie¶
Controls whether Emakin uses a session cookie.
The existing documentation notes that Emakin normally uses both local storage and session cookies for session protection. It also notes that some browsers may block cookies in privacy-focused modes, which can affect login behavior.
Login Token Expiration¶
Defines how long login tokens remain valid for flows such as email-based or integration-based login.
Bearer Token Expiration¶
Defines the user-session duration for bearer tokens. The documentation notes that these tokens are renewed in the background before they expire.
Authentication Storage¶
Defines where bearer tokens are stored in the browser:
- Local Storage: persists until logout or token expiry
- Session Storage: ends when the browser window closes
Audit Log¶
Retention Duration¶
Defines how many days audit log entries remain in the database. The documented default is 180 days.
Password Policy¶
This policy applies to built-in Emakin authentication.
Minimum Password Length¶
Minimum number of characters required.
Minimum Upper Case (A..Z) Letters¶
Minimum number of uppercase letters required.
Minimum Numeric (0..9) Letters¶
Minimum number of numeric characters required.
Minimum Lower Case (a..z) Letters¶
Minimum number of lowercase letters required.
Required Chars¶
Specific characters that must appear in the password.
Files¶
Antivirus Service URL¶
Defines the antivirus scanner endpoint.
The existing documentation states that ClamAV is currently supported and gives an example format of tcp://hostname:3310. It also notes that ClamAV must be able to reach its update sources before antivirus scanning is enabled.
Allowed File Types¶
Controls which file types users can upload.
If you define file types under Allowed, only those file types are permitted. If you define file types under Denied, those file types are blocked and others remain allowed.
Extension¶
Defines the file extension to allow or deny, such as pdf or docx.
Mime Type¶
Defines the MIME type to allow or deny, such as application/pdf.
The current documentation also preserves a default-denied list for risky extensions and MIME types. Keep that list under review before relaxing upload rules.
Time Stamping¶
This section stores connection information for time-stamping services used by electronic-signature workflows.
TimeStamp Url¶
URL of the time-stamping server.
Timestamp Server User¶
Username used for time-stamping service authentication.
Timestamp Server Password¶
Password used for time-stamping service authentication.
Data Encryption¶
This section controls whether newly stored form data and uploaded files are encrypted.
The preserved documentation notes:
- encryption affects newly stored data, not previously stored unencrypted data
- disabling encryption later does not remove access to previously encrypted data
- form data and files can be controlled separately
Encrypt Form Data¶
Enables or disables encryption of form data.
Encrypt Files¶
Enables or disables encryption of uploaded file content.