Documentation

Security
in package

Configuration file: Config\Security.

Table of Contents

$allowedConnectDomains  : mixed
Allowed domains which can be loaded using script interfaces.
$allowedDomainsLoadInFrame  : mixed
Specifies valid sources for nested browsing contexts loading using elements such as <frame> and <iframe>.
$allowedFormDomains  : mixed
Allowed domains which can be used as the target of form submissions from a given context, used in CSP.
$allowedFrameDomains  : mixed
Specifies valid parents that may embed a page using <frame>, <iframe>, <object>, <embed> or <applet>, and validates the referer.
$allowedImageDomains  : mixed
Allowed domains for loading images, used in CSP.
$allowedScriptDomains  : mixed
Allowed domains for loading script, used in CSP.
$apiLifetimeSessionCreate  : mixed
Maximum session lifetime from the time it was created (in minutes)
$apiLifetimeSessionUpdate  : mixed
Maximum session lifetime since the last modification (in minutes)
$askAdminAboutVisitPurpose  : bool
$askAdminAboutVisitSwitchUsers  : bool
$askSuperUserAboutVisitPurpose  : bool
$CACHE_LIFETIME_SENSIOLABS_SECURITY_CHECKER  : mixed
Cache lifetime for SensioLabs security checker.
$CACHING_PERMISSION_TO_RECORD  : mixed
Configuration of the permission mechanism on records list.
$CHANGE_LOGIN_PASSWORD  : mixed
Whether the user is allowed to change the login password (true/false).
$cookieForceHttpOnly  : mixed
Force the use of https only for cookie.
$cookieSameSite  : mixed
The same-site cookie attribute lets a web application advise the browser that cookies should only be sent when the request originates from the website the cookie came from.
$cspHeaderActive  : mixed
The HTTP Content Security Policy response header allows website administrators to control the resources the user agent is allowed to load for a given page.
$cspHeaderTokenTime  : mixed
Time interval after which a new Content Security Policy nonce token is generated.
$csrfActive  : mixed
Enable CSRF protection
$csrfFrameBreaker  : mixed
Enable verified frame protection (frame breaker), used by the CSRF protection.
$csrfFrameBreakerWindow  : mixed
Which window should be verified? Used to check whether the system is loaded inside a frame; part of the CSRF protection.
$csrfLifetimeToken  : mixed
Default expiry time of the CSRF token, in seconds.
$EMAIL_FIELD_RESTRICTED_DOMAINS_ACTIVE  : mixed
Restricted domains allow you to block saving an email address from a given domain in the system.
$EMAIL_FIELD_RESTRICTED_DOMAINS_ALLOWED  : mixed
List of modules where restricted domains are enabled; if empty, the restriction is enabled everywhere.
$EMAIL_FIELD_RESTRICTED_DOMAINS_EXCLUDED  : mixed
List of modules excluded from restricted domains validation.
$EMAIL_FIELD_RESTRICTED_DOMAINS_VALUES  : mixed
Restricted domains
$fieldsReferencesDependent  : mixed
Interdependent reference fields
$forceHttpsRedirection  : mixed
Force site access to always occur over SSL (https) for selected areas. Those areas will not be accessible over non-SSL connections. Note: SSL must be enabled on your server to use this option.
$forceUrlRedirection  : mixed
Redirect to the proper URL when a wrong URL is entered.
$generallyAllowedDomains  : mixed
Generally allowed domains, used in CSP.
$hpkpKeysHeader  : mixed
HTTP Public-Key-Pins (HPKP) pin-sha256 values. For HPKP to work properly at least 2 keys are needed.
$LOGIN_PAGE_REMEMBER_CREDENTIALS  : mixed
Remember user credentials
$loginSessionRegenerate  : mixed
Replace the current session id with a newly generated one after login and logout.
$maxLifetimeSession  : mixed
Session lifetime (in seconds).
$maxLifetimeSessionCookie  : mixed
Specifies the lifetime, in seconds, of the cookie sent to the browser, i.e. how long someone can stay logged in. The value 0 means 'until the browser is closed'. Defaults to 0.
$PERMITTED_BY_ADVANCED_PERMISSION  : mixed
Permitted by advanced permission.
$PERMITTED_BY_PRIVATE_FIELD  : mixed
Permitted by private field.
$PERMITTED_BY_RECORD_HIERARCHY  : mixed
Permitted by record hierarchy.
$PERMITTED_BY_ROLES  : mixed
Permitted by roles.
$PERMITTED_BY_SHARED_OWNERS  : mixed
Permitted by shared owners.
$PERMITTED_BY_SHARING  : mixed
Permitted by sharing.
$permittedModulesByCreatorField  : mixed
List of modules in which access is based on the record's creator field.
$permittedWriteAccessByCreatorField  : mixed
Permission level for write access based on the record's creator field.
$proxyConnection  : mixed
Should all connections be made through a proxy?
$proxyHost  : mixed
Proxy host
$proxyLogin  : mixed
Proxy login
$proxyPassword  : mixed
Proxy password
$proxyPort  : mixed
Proxy port
$proxyProtocol  : mixed
Proxy protocol: http, https, tcp
$purifierAllowedDomains  : mixed
List of allowed domains for fields with HTML support
$RESET_LOGIN_PASSWORD  : mixed
Whether the password can be reset while logging in (true/false).
$SHOW_MY_PREFERENCES  : mixed
Show my preferences
$USER_AUTHY_MODE  : mixed
User authentication mode.
$USER_ENCRYPT_PASSWORD_COST  : mixed
Algorithmic cost of password encryption. Numeric value; we recommend values greater than 10.
$verifyRefererHeader  : mixed
Verify referer header
$whitelistIp2fa  : mixed
IP address whitelisting.

Properties

$allowedConnectDomains

Allowed domains which can be loaded using script interfaces.

public static mixed $allowedConnectDomains = []

CSP: connect-src.

$allowedDomainsLoadInFrame

Specifies valid sources for nested browsing contexts loading using elements such as <frame> and <iframe>.

public static mixed $allowedDomainsLoadInFrame = []

CSP: frame-src.

$allowedFormDomains

Allowed domains which can be used as the target of form submissions from a given context, used in CSP.

public static mixed $allowedFormDomains = ['https://www.paypal.com']

$allowedFrameDomains

Specifies valid parents that may embed a page using <frame>, <iframe>, <object>, <embed> or <applet>, and validates the referer.

public static mixed $allowedFrameDomains = []

CSP: frame-ancestors.

$allowedImageDomains

Allowed domains for loading images, used in CSP.

public static mixed $allowedImageDomains = ['*.tile.openstreetmap.org']

$allowedScriptDomains

Allowed domains for loading script, used in CSP.

public static mixed $allowedScriptDomains = []

$apiLifetimeSessionCreate

Maximum session lifetime from the time it was created (in minutes)

public static mixed $apiLifetimeSessionCreate = 1440

$apiLifetimeSessionUpdate

Maximum session lifetime since the last modification (in minutes)

public static mixed $apiLifetimeSessionUpdate = 240

$askAdminAboutVisitPurpose

public static bool $askAdminAboutVisitPurpose = true

Ask admin about visit purpose

$askAdminAboutVisitSwitchUsers

public static bool $askAdminAboutVisitSwitchUsers = true

Ask admin about switch users purpose

$askSuperUserAboutVisitPurpose

public static bool $askSuperUserAboutVisitPurpose = true

Ask super user about visit purpose, only for the settings part

$CACHE_LIFETIME_SENSIOLABS_SECURITY_CHECKER

Cache lifetime for SensioLabs security checker.

public static mixed $CACHE_LIFETIME_SENSIOLABS_SECURITY_CHECKER = 3600

$CACHING_PERMISSION_TO_RECORD

Configuration of the permission mechanism on records list.

public static mixed $CACHING_PERMISSION_TO_RECORD = false

true - Permissions are based on the users column in vtiger_crmentity. They are not verified in real time but updated via cron. We do not recommend using this option in production environments.
false - Permissions are based on adding permission tables to the query (old mechanism).

$CHANGE_LOGIN_PASSWORD

Whether the user is allowed to change the login password (true/false).

public static mixed $CHANGE_LOGIN_PASSWORD = true

$cookieForceHttpOnly

Force the use of https only for cookie.

public static mixed $cookieForceHttpOnly = true

Values: true, false, null

$cookieSameSite

The same-site cookie attribute lets a web application advise the browser that cookies should only be sent when the request originates from the website the cookie came from.

public static mixed $cookieSameSite = 'Strict'

Values: None, Lax, Strict

$cspHeaderActive

The HTTP Content Security Policy response header allows website administrators to control the resources the user agent is allowed to load for a given page.

public static mixed $cspHeaderActive = true

$cspHeaderTokenTime

Time interval after which a new Content Security Policy nonce token is generated.

public static mixed $cspHeaderTokenTime = '5 minutes'

$csrfActive

Enable CSRF protection

public static mixed $csrfActive = true

$csrfFrameBreaker

Enable verified frame protection (frame breaker), used by the CSRF protection.

public static mixed $csrfFrameBreaker = true

$csrfFrameBreakerWindow

Which window should be verified? Used to check whether the system is loaded inside a frame; part of the CSRF protection.

public static mixed $csrfFrameBreakerWindow = 'top'

$csrfLifetimeToken

Default expiry time of the CSRF token, in seconds.

public static mixed $csrfLifetimeToken = 28800

$EMAIL_FIELD_RESTRICTED_DOMAINS_ACTIVE

Restricted domains allow you to block saving an email address from a given domain in the system.

public static mixed $EMAIL_FIELD_RESTRICTED_DOMAINS_ACTIVE = false

Restricted domains work only for email address type fields.

$EMAIL_FIELD_RESTRICTED_DOMAINS_ALLOWED

List of modules where restricted domains are enabled; if empty, the restriction is enabled everywhere.

public static mixed $EMAIL_FIELD_RESTRICTED_DOMAINS_ALLOWED = []

$EMAIL_FIELD_RESTRICTED_DOMAINS_EXCLUDED

List of modules excluded from restricted domains validation.

public static mixed $EMAIL_FIELD_RESTRICTED_DOMAINS_EXCLUDED = ['OSSEmployees', 'Users']

$EMAIL_FIELD_RESTRICTED_DOMAINS_VALUES

Restricted domains

public static mixed $EMAIL_FIELD_RESTRICTED_DOMAINS_VALUES = []

$fieldsReferencesDependent

Interdependent reference fields

public static mixed $fieldsReferencesDependent = false

$forceHttpsRedirection

Force site access to always occur over SSL (https) for selected areas. Those areas will not be accessible over non-SSL connections. Note: SSL must be enabled on your server to use this option.

public static mixed $forceHttpsRedirection = false

$forceUrlRedirection

Redirect to the proper URL when a wrong URL is entered.

public static mixed $forceUrlRedirection = true

$generallyAllowedDomains

Generally allowed domains, used in CSP.

public static mixed $generallyAllowedDomains = []
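
The domain lists above ($generallyAllowedDomains, $allowedScriptDomains, $allowedConnectDomains, $allowedImageDomains, $allowedFormDomains, $allowedDomainsLoadInFrame, $allowedFrameDomains) together with $cspHeaderActive feed one Content-Security-Policy header. The following is an added illustration, not YetiForce's own code: it assembles that header from a stand-in class holding the documented defaults. The page names the directives for connect-src, frame-src and frame-ancestors; the mapping of the remaining lists to default-src, script-src, img-src and form-action is an assumption inferred from the property names, and the nonce handling is simplified to one fresh value per response.

```php
<?php
// Added example (not the project's code): build a CSP header from the
// Config\Security domain lists documented on this page.
declare(strict_types=1);

// Stand-in for \Config\Security with the defaults shown above (assumption).
final class SecurityConfigStub
{
    public static bool $cspHeaderActive = true;
    public static array $generallyAllowedDomains = [];
    public static array $allowedScriptDomains = [];
    public static array $allowedConnectDomains = [];
    public static array $allowedImageDomains = ['*.tile.openstreetmap.org'];
    public static array $allowedFormDomains = ['https://www.paypal.com'];
    public static array $allowedDomainsLoadInFrame = [];
    public static array $allowedFrameDomains = [];
}

function buildCspHeader(string $nonce): ?string
{
    if (!SecurityConfigStub::$cspHeaderActive) {
        return null; // header disabled by configuration
    }
    $self = "'self'";
    // Directive mapping for default-src, script-src, img-src and form-action is assumed.
    $directives = [
        'default-src'     => array_merge([$self], SecurityConfigStub::$generallyAllowedDomains),
        'script-src'      => array_merge([$self, "'nonce-$nonce'"], SecurityConfigStub::$allowedScriptDomains),
        'connect-src'     => array_merge([$self], SecurityConfigStub::$allowedConnectDomains),
        'img-src'         => array_merge([$self], SecurityConfigStub::$allowedImageDomains),
        'form-action'     => array_merge([$self], SecurityConfigStub::$allowedFormDomains),
        'frame-src'       => array_merge([$self], SecurityConfigStub::$allowedDomainsLoadInFrame),
        // frame-ancestors limited to 'self' stops other origins from embedding the page.
        'frame-ancestors' => array_merge([$self], SecurityConfigStub::$allowedFrameDomains),
    ];
    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $name . ' ' . implode(' ', array_unique($sources));
    }
    return implode('; ', $parts) . ';';
}

// Usage: one random nonce per response; the same value goes into <script nonce="...">.
$nonce = base64_encode(random_bytes(16));
$csp = buildCspHeader($nonce);
if ($csp !== null) {
    echo 'Content-Security-Policy: ' . $csp . PHP_EOL;
}
```

With the documented defaults, form submissions are confined to the site itself and https://www.paypal.com, and tile images may come only from *.tile.openstreetmap.org.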

$hpkpKeysHeader

HTTP Public-Key-Pins (HPKP) pin-sha256 values. For HPKP to work properly at least 2 keys are needed.

public static mixed $hpkpKeysHeader = []

https://scotthelme.co.uk/hpkp-http-public-key-pinning/, https://sekurak.pl/mechanizm-http-public-key-pinning/.

$LOGIN_PAGE_REMEMBER_CREDENTIALS

Remember user credentials

public static mixed $LOGIN_PAGE_REMEMBER_CREDENTIALS = false

$loginSessionRegenerate

Replace the current session id with a newly generated one after login and logout.

public static mixed $loginSessionRegenerate = true

$maxLifetimeSession

Session lifetime (in seconds).

public static mixed $maxLifetimeSession = 900

$maxLifetimeSessionCookie

Specifies the lifetime, in seconds, of the cookie sent to the browser, i.e. how long someone can stay logged in. The value 0 means 'until the browser is closed'. Defaults to 0.

public static mixed $maxLifetimeSessionCookie = 0
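
The cookie and session settings documented above ($cookieForceHttpOnly, $cookieSameSite, $maxLifetimeSessionCookie, $loginSessionRegenerate) map onto PHP's session API. The block below is an added illustration, not YetiForce's own code; it assumes PHP 7.3 or newer for the array form of session_set_cookie_params(), that the Secure flag follows $forceHttpsRedirection, and that null for $cookieForceHttpOnly means "leave the php.ini default untouched".

```php
<?php
// Added example (not the project's code): apply the documented cookie and
// session settings with PHP's session API.
declare(strict_types=1);

// Stand-in for \Config\Security with the defaults shown on this page (assumption).
final class SessionConfigStub
{
    public static int $maxLifetimeSessionCookie = 0;   // 0 = until the browser is closed
    public static ?bool $cookieForceHttpOnly = true;   // true, false or null
    public static string $cookieSameSite = 'Strict';   // None, Lax or Strict
    public static bool $forceHttpsRedirection = false; // assumed to drive the Secure flag
    public static bool $loginSessionRegenerate = true;
}

function sessionCookieParams(): array
{
    $params = [
        'lifetime' => SessionConfigStub::$maxLifetimeSessionCookie,
        'path'     => '/',
        'domain'   => '',
        'secure'   => SessionConfigStub::$forceHttpsRedirection,
        'samesite' => SessionConfigStub::$cookieSameSite,
    ];
    if (SessionConfigStub::$cookieForceHttpOnly !== null) {
        $params['httponly'] = SessionConfigStub::$cookieForceHttpOnly;
    }
    // Browsers reject SameSite=None cookies that do not also carry the Secure flag.
    if ($params['samesite'] === 'None' && !$params['secure']) {
        throw new RuntimeException('SameSite=None requires the Secure flag');
    }
    return $params;
}

function startHardenedSession(): void
{
    session_set_cookie_params(sessionCookieParams());
    session_start();
}

function onLoginSuccess(int $userId): void
{
    if (SessionConfigStub::$loginSessionRegenerate) {
        // A fresh id after authentication defeats session fixation; true discards the old data.
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = $userId;
}
```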

$PERMITTED_BY_ADVANCED_PERMISSION

Permitted by advanced permission.

public static mixed $PERMITTED_BY_ADVANCED_PERMISSION = true

$PERMITTED_BY_PRIVATE_FIELD

Permitted by private field.

public static mixed $PERMITTED_BY_PRIVATE_FIELD = true

$PERMITTED_BY_RECORD_HIERARCHY

Permitted by record hierarchy.

public static mixed $PERMITTED_BY_RECORD_HIERARCHY = true

$PERMITTED_BY_ROLES

Permitted by roles.

public static mixed $PERMITTED_BY_ROLES = true

$PERMITTED_BY_SHARED_OWNERS

Permitted by shared owners.

public static mixed $PERMITTED_BY_SHARED_OWNERS = true

$PERMITTED_BY_SHARING

Permitted by sharing.

public static mixed $PERMITTED_BY_SHARING = true

$permittedModulesByCreatorField

List of modules in which access is based on the record's creator field.

public static mixed $permittedModulesByCreatorField = []

$permittedWriteAccessByCreatorField

Permission level for write access based on the record's creator field.

public static mixed $permittedWriteAccessByCreatorField = false

$proxyConnection

Should all connections be made through a proxy?

public static mixed $proxyConnection = false

$proxyHost

Proxy host

public static mixed $proxyHost = ''

$proxyLogin

Proxy login

public static mixed $proxyLogin = ''

$proxyPassword

Proxy password

public static mixed $proxyPassword = ''

$proxyPort

Proxy port

public static mixed $proxyPort = 0

$proxyProtocol

Proxy protocol: http, https, tcp

public static mixed $proxyProtocol = ''

$purifierAllowedDomains

List of allowed domains for fields with HTML support

public static mixed $purifierAllowedDomains = []

$RESET_LOGIN_PASSWORD

Whether the password can be reset while logging in (true/false).

public static mixed $RESET_LOGIN_PASSWORD = false

$SHOW_MY_PREFERENCES

Show my preferences

public static mixed $SHOW_MY_PREFERENCES = true

$USER_AUTHY_MODE

User authentication mode.

public static mixed $USER_AUTHY_MODE = 'TOTP_OPTIONAL'

See: Users_Totp_Authmethod::ALLOWED_USER_AUTHY_MODE

Available values:
TOTP_OFF - 2FA TOTP checking is off.
TOTP_OPTIONAL - defined by the user.
TOTP_OBLIGATORY - obligatory.

$USER_ENCRYPT_PASSWORD_COST

Algorithmic cost of password encryption. Numeric value; we recommend values greater than 10.

public static mixed $USER_ENCRYPT_PASSWORD_COST = 10

The greater the value, the longer it takes to encrypt the password.

$verifyRefererHeader

Verify referer header

public static mixed $verifyRefererHeader = true

$whitelistIp2fa

IP address whitelisting.

public static mixed $whitelistIp2fa = []

IP addresses listed here are allowed access without 2FA.
