Skip to main content
CollegeSource Support

Security Settings

 

Login

uachieve.selfservice.security.login.usernameParameter

String
Versions 4.0.2 - current
Name of the request parameter that holds the username when a user logs in, either via the login screen or a link from another application.

uachieve.selfservice.security.login.passwordParameter

String
Versions 4.0.2 - current
Name of the request parameter that holds the password when a user logs in, either via the login screen or a link from another application.

uachieve.selfservice.security.login.useDefaultPassword

Boolean
Versions 4.0.2 - current
Tells the application whether or not to use the default if no password is provided when logging in.

uachieve.selfservice.security.login.defaultPassword

String
Versions 4.0.2 - current
Value of the password used for logging in if no value is provided. Will only be used if uachieve.selfservice.security.login.useDefaultPassword is set to true.

uachieve.selfservice.security.login.allowAccessToLoginPage

String
Versions 4.0.2 - current
Controls whether users can access the login page to login. If users should only be able to access Self Service via a link from another application, set this to false.

Vulnerabilities

uachieve.selfservice.security.disableFrames

Boolean
Versions 4.0.5 - current
Controls whether self-service can be run as a frame in another webpage. If cross-frame scripting vulnerabilities are a concern, set this to true.

Database

uachieve.security.appid

String
Versions 4.0.2 - current
The application code for self-service

uachieve.security.jdbc.driver

String
Versions 4.0.0 - current
Name of the JDBC driver to use for the security database. This property is not required if the security tables are in the main uachieve database. If this is so, see the comment in jdbc-ctx.xml referring to "alias".

Oracle

oracle.jdbc.driver.OracleDriver

Microsoft MSSQL (using jTDS)

net.sourceforge.jtds.jdbc.Driver

DB/2

COM.ibm.db2.jdbc.app.DB2Driver

uachieve.security.jdbc.url

String
Versions 4.0.0 - current
JDBC formatted URL of your security database. This property is not required if the security tables are in the main uachieve database. If this is so, see the comment in jdbc-ctx.xml referring to "alias".

Oracle

 

jdbc:oracle:thin:@<HOST>:<PORT>:<SID>

 

Microsoft MSSQL (using jTDS)

 

jdbc:jtds:<server_type>://<server>[:<port>][/<database>][;<property>=<value>[;...]]

 

DB/2

 

jdbc:db2://<HOST>:<PORT>/<DB>

 

uachieve.security.jdbc.username

String
Versions 4.0.0 - current
Security database username. This property is not required if the security tables are in the main uachieve database. If this is so, see the comment in jdbc-ctx.xml referring to "alias".

uachieve.security.jdbc.password

String
Versions 4.0.0 - current
Security database password. This property is not required if the security tables are in the main uachieve database. If this is so, see the comment in jdbc-ctx.xml referring to "alias".

Direct Links

uachieve.selfservice.security.urlEncode

String
Versions 4.0.7 - current
Controls whether parameters in direct audit links should be url encoded/decoded during the encryption/decryption process.

uachieve.selfservice.security.allowDirectAuditLink

String
Versions 4.0.7 - current
Controls whether directly linking to an audit is allowed or not.

  • Was this article helpful?