 ; <?php exit('direct access denied') ?>

; Security settings for Openrat - be careful :)
;
; The PHP tag in the first line stops the script when this file is requested
; directly through the web server, so the settings below are not sent to the
; browser. Keep it as the very first line of the file.



; All is readonly (for maintenance jobs)
; true|false, default:false
readonly=false

; Disable publishing
; true|false
nopublish=false

; Unix-UMask for all created files
; Default: none (uses system default)
; Example: '0022' (means '-rw-r--r--')
; Example: '0002' (means '-rw-rw-r--')
umask=

; CHMOD for created files
; Default: none
; Example: '0644' (means '-rw-r--r--')
; Example: '0755' (means '-rwxr-xr-x')
chmod=

; CHMOD for created directories
; Default: none
; Example: '0755' (means 'drwxr-xr-x')
; Example: '0770' (means 'drwxrwx---')
chmod_dir=

; You may disable dynamic code.
; Dynamic code ("CODE"-Elements in templates) is dangerous, because it may
; interact with the file system (and much more!).
;
; Hint: only admin users are allowed to save dynamic code.
; Enable, if admin users are trustworthy.
; Disable, if admin users are anonymous (e.g. demo-installations).
; Default: true (for secure default installation).
disable_dynamic_code = true


; Enable or disable the displaying of system information
; Consider 'false' on public installations: details about the host are
; rarely needed by regular users and help an attacker to prepare.
show_system_info = true


; Useful against CSRF-attacks, this adds a token to all POST requests.
; Keep this enabled; disabling it removes the CSRF protection of every form.
use_post_token=true

; Creates a new Session on login.
; Useful against session fixation attacks.
; NOTE(review): the protection described above is switched off by default;
; 'true' is the safer setting.
renew_session_login=false

; Creates a new Session on logout.
; Useful against session fixation attacks.
; NOTE(review): as with renew_session_login, 'true' is the safer setting.
renew_session_logout=false



; Default Login
; These values are used for the login form.
; Whatever is entered here is pre-filled into the login form and is therefore
; visible to every visitor. Leave both values empty unless this is a demo
; installation that is meant to expose these credentials.
[default]

; default: ''
username=

; default: ''
password=



; Guest Login
; if enabled, a named guest user is automatically logged in.
; Every visitor then acts with the permissions of that user, so give the
; guest account only the rights it really needs.
[guest]

; enable auto-login for a guest user.
; true|false
enable=false

; Name of the guest user, who is automatically logged in.
; This user must exist in your user database.
user=guest



[login]
; Type of authorization.
; 'http' uses HTTP Basic Authorization.
;        Only available if PHP is used in the module version.
;        Not available, if PHP is used via the CGI way.
;        Only the default database is available (because there is no way to select another one).
;        Basic Authorization sends the credentials with every request, so use it over HTTPS only.
; 'form' shows a login form via a HTML page (default).

type=form
;type=http



[auth]
; this is the backend where the passwords are checked against.
; 'database' uses the internal database table as password store.
; 'authdb'   uses an external database table as password store, see section [authdb] which has to exist.
; 'ldap'     uses an external LDAP directory for password checking, see file "ldap.ini.php".
; 'http'     uses an HTTP-Auth Server for password checking, see section [http].
type=database

; per-user setting of the LDAP DN.
; 'true'  users which have their LDAP-DN explicitly stored are authenticated against LDAP.
; 'false' no LDAP-DN storage per user.
userdn=false



[authorize]
; A user belongs to certain groups. This information can be stored in 2 ways.
; 'database' uses the internal database for the user-group-relation. (default)
; 'ldap'     reads the user-group-relations from a LDAP-Directory
;            (in this case, /security/auth/type has to be set to "ldap", too!)
;            (see /ldap/authorize!)
type=database
;type=ldap



; password settings
[password]

; length of automatically generated passwords
; 8 characters is a low bar for a generated password; a larger value costs nothing here.
random_length=8

; minimum password length
; NOTE(review): 5 characters is weak by current standards; consider raising it.
min_length=5

; Password "salt"
; ''        : no salt (default)
; 'id'      : salt the password with userid
; 'username': salt the password with username
; 'custom'  : use the 'salt_text'-setting
; With '' (the default) the stored password hashes are unsalted, so identical
; passwords produce identical hashes. Prefer one of the salted modes.
salt = ""

; Only used with salt = 'custom'.
; The value below is the placeholder shipped with every installation - replace it
; with a long, random, installation-specific string before use. A custom salt is
; shared by all users; 'id' or 'username' give per-user salts instead.
salt_text = "somerandomtext"



; this section is needed if the setting "auth/type" is 'http'.
; passwords are checked against another HTTP-Server with Basic Authorization.
[http]

; The URL where an HTTP basic authorization is required.
; Basic Authorization transmits the user's password to this server, so use an
; https:// URL in production; the http:// value below is an example only.
url = "http://example.net/restricted-area"



; this section is needed if the setting "auth/type" is 'authdb'.
; passwords are checked against an external database table.
; This is quite useful, if you have another software running (e.g. a forum system)
; and so the user must only remember 1 password.
; The database password below is stored in clear text, so this file must not be
; readable by other users on the server.
[authdb]

; 'mysql', 'postgresql' or 'sqlite'
type = postgresql

user = dbuser
password = dbpassword
host = 127.0.0.1
database = dbname
persistent = false

; the sql which is executed while checking the password.
; the variables {username} and {password} are replaced.
; NOTE(review): both values come from the login form. Whether the replacement
; quotes/escapes them is not visible in this file - confirm in the code that
; performs the substitution before enabling this backend, otherwise the query
; is open to SQL injection. md5() is also a weak password hash; use whatever
; the external application uses if it is stronger.
sql = "select 1 from table where user={username} and password=md5({password})"

; if the user exists in the external database, should it
; automatically be inserted into the openrat internal table?
; New users receive the groups listed in [newuser].
add = true



; SSL Client certificate Authentication
[ssl]

; The environment variable name which has the username out of the certificate.
; See the mod_ssl configuration for more information:
; http://httpd.apache.org/docs/2.0/mod/mod_ssl.html.en#envvars
; if blank, ssl client auth is unused (default)
user_var=
;user_var="REMOTE_USER"
;user_var="SSL_CLIENT_S_DN"
;user_var="SSL_CLIENT_S_DN_CN"

; if 'true', you trust the client certificate fully, this is a passwordless login!
; take care to have a useful webserver configuration where you only trust CA-signed certificates.
; The certificate verification itself happens in the webserver; OpenRat only reads
; the variable named in 'user_var', so an unverified certificate setup makes this
; a login with a user-chosen name.
; if 'true', the 'user_var' is needed.
trust=false



; Open-ID
; see http://openid.net/ for specifications and more information.
[openid]

; Enable Open-ID
; default=false
enable=false

; Should authenticated users, which are not in your user database, automatically be added?
; New users receive the groups listed in [newuser].
; default=false
add=false

; Open-Id Logo
; The specification recommends the original Open-Id logo.
; The default below is loaded over plain http; on an https site this is mixed
; content - consider hosting a copy of the logo locally.
;logo_url=
logo_url="http://openid.net/login-bg.gif"

; Trust-Root
; URL-Prefix in which your OpenRat installations are running.
; default=<empty> (OpenRat tries to use its own server name)
;trust_root=http://your.server.example/openrat/
trust_root=

; Trusted servers
; Default='' (all)
; An empty value accepts assertions from any OpenID server; restrict this to the
; providers you actually use.
;trusted_server=openid1.example.com,openid2.example.com
trusted_server=

; Should the user's full name and e-mail be updated from the OpenId-Server?
update_user=true

; Using user identities?
user_identity=true

; List of OpenId-Providers to use
; Special name "identity" for user defined identities
;provider=example
provider=google

; location of the provider's Yadis-document (XRDS-file)
; NOTE(review): unlike the other 'example' lines this one is active (not commented
; out) and points at Google; it looks like it should start with ';' as well.
provider.example.xrds_uri=http://google.com/accounts
; which attribute is used for mapping to the internal database
;provider.example.map_attribute=email
; which attribute of the internal user database is used
; valid values are 'mail', 'username'
;provider.example.map_internal=mail

; Google supports Open-Id 2.0
provider.google.xrds_uri=http://google.com/accounts/o8/id
provider.google.map_attribute=email
provider.google.name=Google
provider.google.map_internal=mail

; Yahoo
; NOTE(review): the xrds_uri below is a placeholder, not a valid URL, and
; 'usename' looks like a typo for 'username' - set both before selecting
; 'yahoo' in 'provider'.
provider.yahoo.xrds_uri=http://??????
provider.yahoo.map_attribute=usename
provider.yahoo.map_internal=mail



; Single Sign-on
; These settings are an example for checking login against "PhpMyAdmin".
; PhpMyAdmin must include a link to Openrat with the authid which includes the serialized cookies.
; Example: Include this in the file .../phpmyadmin/main.php:
; <a href="https://example.com/openrat/?authid=<?php echo urlencode(serialize($_COOKIE)) ?>">OpenRat</a>
;
; The authid carries the user's session cookies of the third-party system, so
; only enable this when both systems are reached over HTTPS.
[sso]

; use single sign-on? Set to 'true' or 'false'.
enable=false

; the URL against which the auth-id will be checked.
;url="http://localhost/check.php?phpsessid={id}&check=true"
url="https://www.example.com/phpmyadmin/main.php?server=1"

; the name of the parameter, where OpenRat will receive the Id, which will then be checked.
auth_param_name=authid

; is the auth-id serialized?
auth_param_serialized=true

; the auth-id will be used as a cookie
cookie=true

; if the auth-id is no array, use this cookie-name.
cookie_name=

; NOTE(review): not documented in this file - check the code before changing it.
force=true

; leave this blank.
expect=

; this is a regular expression which checks, if the login at the third-party-system is ok.
expect_regexp="/running on/"

; regular expression to find out the username
; this example is used for "PhpMyAdmin"
username_regexp="/running on localhost as ([a-z]+)@localhost/"



; Settings for a new user
[newuser]

; These groups are automatically added while a new user is inserted.
; Comma-separated list of group names. Every automatically created user
; (see 'add' in [authdb] and [openid]) receives these groups, so do not
; list administrative groups here.
groups=YourGroup,AnotherGroup



; Logout settings
[logout]

; Redirect to this URL after logout
; Use the full URL, as in the example below.
; <blank>= Show Login.
; Default: ""
;redirect_url="http://your.intranet.example/"
redirect_url=



[user]

; Show E-Mail-Address in Administration-Interface.
; Default=true. If admin users should not know the mail addresses, set this to false.
; Useful for Demo-Installations where a lot of users may have administration rights.
show_admin_mail=true

; Show users' e-mail-address to other users.
; Default=true.
show_mail=true

; Users are able to send messages to other users via e-mail
; (not yet implemented)
send_message=true