Security Settings
Login
uachieve.selfservice.security.login.usernameParameter
String
Versions 4.0.2 - current
Name of the request parameter that holds the username when a user logs in, either via the login screen or a link from another application.
uachieve.selfservice.security.login.passwordParameter
String
Versions 4.0.2 - current
Name of the request parameter that holds the password when a user logs in, either via the login screen or a link from another application.
uachieve.selfservice.security.login.useDefaultPassword
Boolean
Versions 4.0.2 - current
Tells the application whether or not to use the default if no password is provided when logging in.
uachieve.selfservice.security.login.defaultPassword
String
Versions 4.0.2 - current
Value of the password used for logging in if no value is provided. Will only be used if uachieve.selfservice.security.login.useDefaultPassword is set to true.
uachieve.selfservice.security.login.allowAccessToLoginPage
String
Versions 4.0.2 - current
Controls whether users can access the login page to login. If users should only be able to access Self Service via a link from another application, set this to false.
Vulnerabilities
uachieve.selfservice.security.disableFrames
Boolean
Versions 4.0.5 - current
Controls whether self-service can be run as a frame in another webpage. If cross-frame scripting vulnerabilities are a concern, set this to true.
Database
uachieve.security.appid
String
Versions 4.0.2 - current
The application code for self-service
uachieve.security.jdbc.driver
String
Versions 4.0.0 - current
Name of the JDBC driver to use for the security database. This property is not required if the security tables are in the main uachieve database. If this is so, see the comment in jdbc-ctx.xml referring to "alias".
Oracle |
|
---|---|
Microsoft MSSQL (using jTDS) |
|
DB/2 |
|
uachieve.security.jdbc.url
String
Versions 4.0.0 - current
JDBC formatted URL of your security database. This property is not required if the security tables are in the main uachieve database. If this is so, see the comment in jdbc-ctx.xml referring to "alias".
Oracle |
|
|
---|---|---|
Microsoft MSSQL (using jTDS) |
|
|
DB/2 |
|
uachieve.security.jdbc.username
String
Versions 4.0.0 - current
Security database username. This property is not required if the security tables are in the main uachieve database. If this is so, see the comment in jdbc-ctx.xml referring to "alias".
uachieve.security.jdbc.password
String
Versions 4.0.0 - current
Security database password. This property is not required if the security tables are in the main uachieve database. If this is so, see the comment in jdbc-ctx.xml referring to "alias".
Direct Links
uachieve.selfservice.security.urlEncode
String
Versions 4.0.7 - current
Controls whether parameters in direct audit links should be url encoded/decoded during the encryption/decryption process.
uachieve.selfservice.security.allowDirectAuditLink
String
Versions 4.0.7 - current
Controls whether directly linking to an audit is allowed or not.