Setup Security

From Dolibarr ERP CRM Wiki

Help About Screen: Security Setup

Menu Path: Home ► Setup ► Security

Security setup

The security setup changes technical and functional behaviour. On this page you can set up :

  • CAPTCHA on login page, advanced permissions, session timeout
  • Passwords security
  • Files Upload
  • External/Internet Access
  • Audit
  • Default Permissions

Miscellaneous

On this tab, you can set up :

  • Use graphical code (CAPTCHA) on login page (Yes or No) : On the login page, a CAPTCHA will be required each time a user logs in.
  • Use the advanced permissions of some modules (Yes or No) : Some modules provide advanced permissions for finer granularity.
  • Time out for session : User sessions will be labeled as "to be deleted" after this time. The deletion of the PHP session is handled by the system and depends on where Dolibarr is installed.

Passwords

Rules to generate and validate passwords

You can select one of the three implemented rules for password validation :

  • Perso : Define the rules to be followed yourself in the "Password pattern description" section
  • None : Users can do what they want. Warning: not recommended at all!
  • Standard : 8 characters containing a mix of numbers and lowercase characters.

To activate one rule, click on the "Activate" link.

Parameters

Three additional parameters :

  • Encrypt passwords stored in database (NOT as plain-text). It is strongly recommended to activate this option.
  • Encrypt database password stored in conf.php. It is strongly recommended to activate this option.
  • Do not show the "Password Forgotten" link on the Login page

Files Upload

Four parameters available :

  • Maximum size for uploaded files (0 to disallow any upload) : Size in kb.

Note: your PHP configuration also defines limits, irrespective of the value of this parameter.

  • UMask parameter for new files on Unix/Linux/BSD/Mac file system (0664 by default)
  • Full path to antivirus command (to analyse uploaded files)

Example for ClamWin: c:\\Progra~1\\ClamWin\\bin\\clamscan.exe
Example for ClamAv: /usr/bin/clamscan

  • More parameters on command line

Example for ClamWin: --database="C:\\Program Files (x86)\\ClamWin\\lib"

Below these parameters is a form to test file upload (according to the setup).
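The following is an added example, not part of the original page and not Dolibarr's own code: a shell check an administrator can run on the server to confirm that the antivirus command path and extra parameters work before entering them in the form. It relies on clamscan's documented exit codes (0 clean, 1 virus found, 2 error); the function names and the sample file path are hypothetical.

```shell
#!/bin/sh
# Added example, not Dolibarr code. Pre-flight check for the two antivirus
# fields: the full path to the command and the extra command-line parameters.
# Exit codes are clamscan's documented ones: 0 clean, 1 virus found, 2 error.

# verdict_for_exit_code RC -> prints clean | infected | error
verdict_for_exit_code() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;   # 2, 126, 127, signals: never treat as clean
    esac
}

# check_scanner_path PATH -> succeeds only for an absolute, executable file
check_scanner_path() {
    case "$1" in
        /*) ;;
        *) echo "not a full path: $1" >&2; return 1 ;;
    esac
    if [ ! -f "$1" ] || [ ! -x "$1" ]; then
        echo "missing or not executable: $1" >&2; return 1
    fi
}

# scan_upload SCANNER FILE [EXTRA_PARAMS...]
# Prints the verdict; returns 0 only when the file may be accepted.
scan_upload() {
    scanner=$1; file=$2; shift 2
    if ! check_scanner_path "$scanner" || [ ! -f "$file" ]; then
        echo error; return 1
    fi
    case "$file" in
        -*) file=./$file ;;   # a leading "-" must not be parsed as an option
    esac
    rc=0
    "$scanner" "$@" "$file" >/dev/null 2>&1 || rc=$?
    verdict=$(verdict_for_exit_code "$rc")
    echo "$verdict"
    [ "$verdict" = clean ]
}

# Usage on the server, with the ClamAv path from the examples above
# (the file path is a placeholder):
#   scan_upload /usr/bin/clamscan /path/to/sample-upload.pdf
```

Any verdict other than "clean", including a scanner that is missing or crashes, is treated as a rejection, so a broken antivirus setup does not silently let uploads through.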

External/Internet Access

Timeout

Two timeouts can be set for external sites :

  • Connection timeout in seconds
  • Response timeout in seconds

Proxy

If Dolibarr needs to go through a proxy to access the internet, fill in the information here. Note: This setting is not directly linked to the setup of your internet browser; it is only used to allow Dolibarr to access the internet from the server for some rare resources like an RSS feed or an external news feed.
First set the field "Use a proxy server (otherwise access is direct to the internet)" to "Yes". Then fill in the four fields below :

  • Proxy server: Name/Address
  • Proxy server: Port
  • Proxy server: Login/User
  • Proxy server: Password

Audit

Set up activation of the audit trail. Details can be seen in Admin tools->Audit

Default Permissions

Default permissions are rights that will be automatically granted to all new users; they do not affect existing ones. For each module (internal or external) you have to authorize read, edit and delete rights. Some modules can have more rights to define. To give a right, click on the plus (+) sign, or click on minus (-) to remove it.

Be careful: this screen sets default rules for all new users. To set permissions with more accuracy, go to the User->right screen, where you can create a security group and assign it to users. The inherited rights will appear as "inherited" rights and cannot be changed.