|
Password & Security |
  
|
|
Password & Security |
|
Enable Linux/Unix symbolic links
Allow or disallow file listing for symbolic links under Linux/Unix.
User passwords using SHA256 hash encryption
The user password will be stored with SHA256 hash by default. When this option is disabled, the password will be hashed via MD5.
Enable password salting and specify a salt string
Specifying a SALT string makes it hard to decrypt the user password. You can also use a variable "%Name" as SALT, it will be replaced into the username dynamically.
Need to change the password on the first logon
When enabled, the user needs to change his password on the first login (for Web Client only).
Minimum user password length
It will restrict the user password length when adding a user account or changing the password.
The password must contain characters from the following categories
You can specify the password complexity by choosing one or more categories.
Enable Anti-hammer
Anti-hammer function is used to protect password brute force attacks.
Ban IP xx seconds if xx failed login tries in xx seconds
The counter will monitor the login tries and count them. If the number of failed login tries during the period exceeds, the user IP will be banned for a period of time.
Redirect HTTP to HTTPS automatically
When enabled, all the HTTP will be redirected to the HTTPS protocol, and you can also specify the HTTPS listener port.
Additional HTTP headers
You can add some additional HTTP headers like "Content Security Policy": Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self';