Security Significance
This table describes recommended security-related settings by significance. They are grouped by high, medium, and low in security significance.
| Significance | Configuration Setting | Recommended Setting |
|---|---|---|
| High | CHAT_WS_API_IP_HOST |
Set to allowed IP addresses and subnet masks. Note: To enable this hidden setting and define your allowed IP addresses
and subnet masks, Submit a Service Request. |
CLIENT_SESSION_EXP |
15 This setting is also used in the desktop usage administration feature. |
|
CP_FORCE_PASSWORDS_OVER_ HTTPS |
Yes |
|
CP_LOGIN_COOKIE_EXP |
As needed. |
|
CP_REDIRECT_HOSTS |
Set to allowed hosts or leave default setting (blank) to prevent all redirects outside of the interface domain, including external sites. |
|
EU_CUST_PASSWD_ENABLED |
Yes |
|
SEC_VALID_ADMIN_HOSTS |
Set to allowed IP addresses. |
|
SEC_VALID_CHAT_API_HOSTS |
Set to allowed hosts and subnet masks. |
|
SESSION_HARD_TIMEOUT |
12 |
|
| Medium | CHAT_CORS_ALLOWLIST |
Set to allowed origins. |
CP_CONTACT_LOGIN_REQUIRED |
As needed. |
|
CP_LOGIN_MAX_TIME |
As needed. |
|
EGW_PASSWD_CREATE |
Yes |
|
EGW_SECURE_UPDATE_MODE |
2 |
|
EGW_VISUAL_EMAIL |
No (default = Yes) |
|
FACEBOOK_INCIDENTS_ENABLED |
Yes |
|
FATTACH_OPEN_ENABLED |
Yes |
|
INC_PRIVATE_TRANSCRIPT_ONLY |
Yes |
|
SEC_EU_EMAIL_LINK_EXPIRE |
8 |
|
SUBMIT_TOKEN_EXP |
30 |
|
WEBFORM_ID_BY_COOKIE_ DEFAULT |
As needed. |
|
WEBFORM_ID_BY_LOGIN_ DEFAULT |
As needed. |
|
WEBFORM_ID_BY_LOGIN_ REQUIRED_DEFAULT |
As needed. |
|
WEBFORM_ID_BY_URL_PARAM_ DEFAULT |
As needed. |
|
WEBFORM_SET_COOKIE_DEFAULT |
As needed. |
|
WIDGET_INSTALLATION_HOSTS |
Set to allowed domain names. |
|
| Low | CP_COOKIES_ENABLED |
As needed. |
CP_MAX_LOGINS |
As needed. |
|
CP_MAX_LOGINS_PER_CONTACT |
As needed. Note: If you set a value
for this setting, you must also set a non-zero value for CP_LOGIN_MAX_TIME. |
|
FACEBOOK_OAUTH_APP_ID |
As needed. |
|
FACEBOOK_OAUTH _APP_SECRET |
As needed. |
|
FATTACH_MAX_SIZE |
As small as practical for your needs. Note: Regardless of the file attachment limits you define, file upload
will fail if the upload takes more than 5 minutes. |
|
LOGIN_SECURITY_MSG |
As needed. |
|
MYSEC_AUTO_CUST_CREATE |
As needed. |
|
SEC_BROWSER_USER_AGENT |
As needed. |
|
SEC_INVALID_ENDUSER_HOSTS |
As needed. |
|
SEC_INVALID_USER_AGENT |
As needed. |
|
SEC_SPIDER_USER_AGENT |
As needed. |
|
SEC_VALID_ENDUSER_HOSTS |
As needed. |
|
SEC_VALID_INTEG_HOSTS |
As needed. |
|
TWITTER_OAUTH_APP_ID |
As needed. |
|
TWITTER_OAUTH_APP_SECRET |
As needed. |