
Security

This section provides an interface for configuring overall security settings for the application. Here, you can enable or disable various security procedures, set password policies, manage file upload permissions, and configure time-stamping server information.

Details

SSL Options

This subsection allows you to configure SSL options.

[Image: hostadmin_ssl_options.png]

Force SSL?

Enforces the use of the SSL protocol. When enabled, all non-SSL (HTTP) connections are automatically redirected to SSL (HTTPS) connections.

Certificate Password

The password for the SSL certificate. This is not required if no SSL certificate is added.

Certificate

Copy and paste your certificate content into this area. The certificate must be in PFX format, and the matching Certificate Password must be set.

Warning

For mobile devices, ensure that the entire certificate chain (SSL certificate and parent issuer certificates) is stored in PFX format. Otherwise, some mobile devices may fail to validate the SSL certificate, resulting in validation errors.

User Sessions

[Image: hostadmin_usersessions.png]

Single Session

Restricts users to having only one active session at a time. When this feature is enabled, users cannot log into the application from multiple devices simultaneously.

Specifies whether to use a session cookie.

By default, Emakin stores a session token in both local storage and a cookie to protect against Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks. Both tokens must match for a session to be considered valid.

Some browsers (especially those in "do-not-track" mode) may reject storing any cookies due to privacy concerns. This can cause Emakin logins to fail. Enabling this setting disables all cookie usage, and all session information is stored in the browser's local storage.
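The correlation rule described above is a double-submit pattern: a request is only accepted when the token presented from local storage (sent in a bearer header) matches the token carried by the session cookie. The following server-side check is an added illustration of that rule, not Emakin's own code; the cookie name, header name and the `cookieless` option are assumptions chosen to mirror the setting.

```javascript
// Added illustration of the "both tokens must match" rule: a generic
// double-submit check, not Emakin's implementation. Names are assumptions.
const COOKIE_NAME = 'session';        // assumed cookie carrying the session token
const HEADER_NAME = 'authorization';  // bearer header carrying the local-storage copy

// Parse a Cookie request header into a name -> value map.
function parseCookies(cookieHeader) {
  const out = {};
  if (!cookieHeader) return out;
  for (const part of cookieHeader.split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) out[name] = value;
  }
  return out;
}

// Extract the token from "Bearer <token>"; null if absent or malformed.
function parseBearer(authHeader) {
  if (!authHeader) return null;
  const m = /^Bearer\s+(\S+)$/i.exec(authHeader.trim());
  return m ? m[1] : null;
}

// Constant-time comparison so a mismatch does not leak where the strings differ.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Validate one request given its lower-cased header map.
// Script injected via XSS can read local storage but not an HttpOnly cookie;
// a cross-site request makes the browser send the cookie but cannot set the
// header. Requiring both copies to match means neither alone is sufficient.
// In cookieless mode (the setting described above) only the bearer copy exists,
// so that second factor is lost; the check degrades to bearer-only.
function validateSession(headers, opts = {}) {
  const bearer = parseBearer(headers[HEADER_NAME]);
  if (!bearer) return { ok: false, reason: 'missing bearer token' };
  if (opts.cookieless === true) return { ok: true, reason: 'cookieless mode: bearer only' };
  const cookieToken = parseCookies(headers['cookie'])[COOKIE_NAME];
  if (!cookieToken) return { ok: false, reason: 'missing session cookie' };
  if (!constantTimeEqual(bearer, cookieToken)) return { ok: false, reason: 'token mismatch' };
  return { ok: true, reason: 'cookie and bearer token match' };
}
```

The `reason` field is returned rather than thrown so the caller can log why a request was rejected; a sudden rise in `token mismatch` or `missing session cookie` rejections is worth investigating. Note that the cookieless setting removes the second factor entirely, which is why it is an opt-in workaround for browsers that refuse cookies rather than the default.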

Login Token Expiration

Specifies the maximum duration for login tokens. These tokens are used for email or integration-based authentication. After this period, the login token becomes invalid and cannot be used.

For example, the "I Forgot Password" feature uses this setting, and the generated email authentication link will be valid for this duration.

Bearer Token Expiration

Specifies the session duration. These tokens are used for session control and are automatically renewed in the background if they are about to expire.

Authentication Storage

Specifies where generated bearer tokens are stored in the browser:

  • Local Storage: Sessions are stored until the user logs off or the token expires.
  • Session Storage: Sessions are terminated when the browser window is closed.

Audit Log

Retention Duration

Specifies how long audit log entries are stored in the database. The default value is 180 days.

Password Policy

Enforces a password policy for built-in authentication with the Emakin login method.

[Image: hostadmin_passwordpolicy.png]

Minimum Password Length

Specify the minimum required password length.

Minimum Upper Case (A..Z) Letters

Specify the minimum number of uppercase letters required.

Minimum Numeric (0..9) Letters

Specify the minimum number of numeric characters required.

Minimum Lower Case (a..z) Letters

Specify the minimum number of lowercase letters required.

Required Chars

Enter specific characters that are required in the password.
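The five settings above define a policy that can be checked mechanically. The validator below is an added example, not Emakin's own code; the policy object keys are assumptions named after the settings, and the default values are constructed for the example.

```javascript
// Added example: a validator for the password-policy settings listed above.
// Illustrative code, not Emakin's implementation; keys and defaults are assumptions.
const DEFAULT_POLICY = {
  minLength: 12,      // Minimum Password Length
  minUpper: 1,        // Minimum Upper Case (A..Z) Letters
  minNumeric: 1,      // Minimum Numeric (0..9) Letters
  minLower: 1,        // Minimum Lower Case (a..z) Letters
  requiredChars: '',  // Required Chars: every listed character must appear
};

// Count the characters of `s` matching a global regular expression.
function countMatches(s, re) {
  const m = s.match(re);
  return m ? m.length : 0;
}

// Return the list of violated rules; an empty list means the password complies.
// Every rule is evaluated so the user sees all problems at once.
function checkPasswordPolicy(password, policy = {}) {
  const p = { ...DEFAULT_POLICY, ...policy };
  if (typeof password !== 'string') return ['password must be a string'];
  const violations = [];
  if (password.length < p.minLength) {
    violations.push(`at least ${p.minLength} characters required`);
  }
  // The setting labels say A..Z, a..z and 0..9, so ASCII classes are used here.
  const upper = countMatches(password, /[A-Z]/g);
  const lower = countMatches(password, /[a-z]/g);
  const digits = countMatches(password, /[0-9]/g);
  if (upper < p.minUpper) violations.push(`at least ${p.minUpper} uppercase letter(s) required`);
  if (lower < p.minLower) violations.push(`at least ${p.minLower} lowercase letter(s) required`);
  if (digits < p.minNumeric) violations.push(`at least ${p.minNumeric} numeric character(s) required`);
  for (const ch of p.requiredChars) {
    if (!password.includes(ch)) violations.push(`character '${ch}' is required`);
  }
  return violations;
}
```

Returning every violation rather than stopping at the first one lets the login form show the user a complete list, which avoids repeated round trips and makes the policy easier to satisfy.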

Files

Antivirus Service URL

Specifies the URL for the antivirus scanner service.

Currently, only ClamAV (https://www.clamav.net/) is supported. The service URL is the address of the clamd daemon, for example tcp://hostname:3310.

The antivirus definition database is updated from https://database.clamav.net. Ensure that the ClamAV host can reach this URL before enabling this feature; a scanner with stale signatures gives little protection.
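To verify that the configured service URL actually reaches a working clamd, it helps to know what is exchanged over that TCP port. The client below is an added example, not part of Emakin: it parses a `tcp://host:port` URL, frames a buffer in clamd's INSTREAM format, and interprets the reply. The framing and reply parser are pure functions; `scanStream` performs the network round trip against a real clamd and is the only part that needs one.

```javascript
// Added example of a minimal clamd TCP client for a URL such as tcp://hostname:3310.
// Not Emakin's code; Node.js is assumed for Buffer and the net module.

// Accept only the tcp://host:port form shown in the documentation.
function parseServiceUrl(url) {
  const m = /^tcp:\/\/([^/:]+):(\d+)\/?$/.exec(url);
  if (!m) throw new Error(`unsupported antivirus service URL: ${url}`);
  return { host: m[1], port: Number(m[2]) };
}

// clamd INSTREAM framing: the command "zINSTREAM\0" (z prefix = NUL-terminated
// reply), then chunks each prefixed by a 4-byte big-endian length, then a
// zero-length chunk that ends the stream.
function buildInstreamFrames(data, chunkSize = 8192) {
  const frames = [Buffer.from('zINSTREAM\0', 'ascii')];
  for (let off = 0; off < data.length; off += chunkSize) {
    const chunk = data.subarray(off, Math.min(off + chunkSize, data.length));
    const len = Buffer.alloc(4);
    len.writeUInt32BE(chunk.length, 0);
    frames.push(len, chunk);
  }
  frames.push(Buffer.alloc(4)); // zero-length terminator
  return Buffer.concat(frames);
}

// clamd answers "stream: OK" for a clean buffer and
// "stream: <signature> FOUND" for a detection; anything else (for example an
// "... ERROR" reply when a size limit is exceeded) is treated as a scan failure,
// which a caller should handle as "not scanned", not as "clean".
function parseScanReply(reply) {
  const text = reply.toString('utf8').replace(/\0+$/, '').trim();
  if (/: OK$/.test(text)) return { clean: true, signature: null };
  const m = /: (.+) FOUND$/.exec(text);
  if (m) return { clean: false, signature: m[1] };
  throw new Error(`unexpected clamd reply: ${text}`);
}

// Send `data` (a Buffer) to clamd and resolve with the parsed verdict.
function scanStream(serviceUrl, data) {
  const net = require('net'); // loaded lazily; only needed for the live round trip
  const { host, port } = parseServiceUrl(serviceUrl);
  return new Promise((resolve, reject) => {
    const chunks = [];
    const sock = net.createConnection({ host, port }, () => sock.end(buildInstreamFrames(data)));
    sock.on('data', (c) => chunks.push(c));
    sock.on('error', reject);
    sock.on('end', () => {
      try { resolve(parseScanReply(Buffer.concat(chunks))); } catch (e) { reject(e); }
    });
  });
}
```

A usage call such as `scanStream('tcp://hostname:3310', fileBuffer).then(console.log)` against a reachable clamd prints `{ clean: true, signature: null }` for a benign file. The important design choice is in `parseScanReply`: an `ERROR` reply or an unreachable daemon rejects the promise instead of returning `clean: true`, so an upload pipeline fails closed when scanning is unavailable.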

Allowed File Types

Use this setting to control which file types can be uploaded into the application. Configure it carefully, because the two lists have different semantics: entries under "Allowed" make the list exclusive, so only those types are accepted; entries under "Denied" block those types and accept all others.

[Image: hostadmin_allowed_denied_filet_ypes.png]

Extension

Specify the extension of the file type you want to allow or deny.

Mime Type

Specify the MIME type of the file type you want to allow or deny.

If not configured, Emakin denies the following file types by default:

Default Denied File Extensions:

  • htm
  • html
  • exe
  • dll
  • asp
  • aspx
  • php
  • bat
  • cmd
  • sh
  • cgi
  • js
  • app
  • jar
  • vb
  • vbs
  • wsf
  • wsc
  • wsh
  • jsp
  • htaccess
  • lnk
  • url

Default Denied MIME Types:

  • text/html
  • image/svg+xml
  • application/vnd.wap.xhtml+xml
  • application/x-xpinstall
  • application/x-shockwave-flash
  • application/javascript
  • application/x-bsh
  • application/x-sh
  • application/x-shar
  • text/x-script.sh
  • text/php
  • text/x-php
  • application/php
  • application/x-php
  • application/x-httpd-php
  • application/x-httpd-php-source
  • application/x-dosexec
  • application/x-msdownload
  • application/exe
  • application/x-exe
  • application/dos-exe
  • vms/exe
  • application/x-winexe
  • application/msdos-windows
  • application/x-msdos-program
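The allowed/denied semantics and the default deny lists above translate into a small upload filter. The following is an added example, not Emakin's own code: the rule object shape (`{ allowed: [...], denied: [...] }` with `extension` and `mimeType` fields) is an assumption, and the interpretation that a configured Allowed list is still subject to a configured Denied list is a conservative assumption for the case the page does not spell out.

```javascript
// Added example of the Allowed/Denied file-type semantics described above.
// Not Emakin's implementation; the rule shape is an assumption.

// Default deny lists, copied from the documentation above.
const DEFAULT_DENIED_EXTENSIONS = new Set([
  'htm', 'html', 'exe', 'dll', 'asp', 'aspx', 'php', 'bat', 'cmd', 'sh', 'cgi',
  'js', 'app', 'jar', 'vb', 'vbs', 'wsf', 'wsc', 'wsh', 'jsp', 'htaccess', 'lnk', 'url',
]);
const DEFAULT_DENIED_MIME_TYPES = new Set([
  'text/html', 'image/svg+xml', 'application/vnd.wap.xhtml+xml', 'application/x-xpinstall',
  'application/x-shockwave-flash', 'application/javascript', 'application/x-bsh',
  'application/x-sh', 'application/x-shar', 'text/x-script.sh', 'text/php', 'text/x-php',
  'application/php', 'application/x-php', 'application/x-httpd-php',
  'application/x-httpd-php-source', 'application/x-dosexec', 'application/x-msdownload',
  'application/exe', 'application/x-exe', 'application/dos-exe', 'vms/exe',
  'application/x-winexe', 'application/msdos-windows', 'application/x-msdos-program',
]);

// Lower-cased final extension of a file name ('' if none). The directory part is
// dropped first so a path like C:\tmp\a.Exe yields 'exe'; a leading dot counts,
// so '.htaccess' yields 'htaccess' and is caught by the default list.
function extensionOf(filename) {
  const base = String(filename).split(/[\\/]/).pop();
  const idx = base.lastIndexOf('.');
  return idx >= 0 ? base.slice(idx + 1).toLowerCase() : '';
}

// Strip parameters such as "; charset=utf-8" and lower-case the media type.
function normalizeMime(mime) {
  return String(mime || '').split(';')[0].trim().toLowerCase();
}

// A rule matches when every field it specifies matches the file.
function ruleMatches(rule, ext, mime) {
  const extOk = !rule.extension || rule.extension.toLowerCase().replace(/^\./, '') === ext;
  const mimeOk = !rule.mimeType || rule.mimeType.toLowerCase() === mime;
  return (rule.extension || rule.mimeType) ? extOk && mimeOk : false;
}

// Decide whether an upload is accepted under the configured rules.
function isUploadAllowed(filename, mimeType, rules = {}) {
  const ext = extensionOf(filename);
  const mime = normalizeMime(mimeType);
  const allowed = rules.allowed || [];
  const denied = rules.denied || [];
  const hits = (list) => list.some((r) => ruleMatches(r, ext, mime));
  if (allowed.length > 0) {
    // Allow-list mode: only listed types pass (and a Denied entry still wins).
    return hits(allowed) && !hits(denied);
  }
  if (denied.length > 0) {
    // Deny-list mode: listed types are blocked, everything else passes.
    return !hits(denied);
  }
  // Nothing configured: fall back to the documented defaults.
  return !DEFAULT_DENIED_EXTENSIONS.has(ext) && !DEFAULT_DENIED_MIME_TYPES.has(mime);
}
```

Two practical caveats follow from the semantics. First, because the Denied list accepts "all others", a custom Denied list replaces the defaults above rather than extending them, so the default entries should be re-added when customising it. Second, both the extension and the declared MIME type are checked, but the MIME type is supplied by the client; the antivirus scan and server-side content inspection remain necessary for files that pass this filter.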

Time Stamping

This section allows you to set up time-stamping server connection information for use with electronic signature applications (e.g., Kolay İmza).

[Image: hostadmin_timestamping.png]

TimeStamp Url

The URL of the time-stamping server.

Timestamp Server User

The username for authenticating with the time-stamping server.

Timestamp Server Password

The password for authenticating with the time-stamping server.