###############################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
###############################################################################

####
# OFBiz Security Settings
#
# Login, lockout, login-history and password-storage policy.
# Comments must start in column 0 on their own line: in a Java properties
# file a '#' after a value is part of the value, not a comment.
####

# -- define the default security context to be user
security.context=default

# -- define the password restrictions --
# Minimum password length, in characters.
# NOTE(review): 5 is short by current guidance (NIST SP 800-63B asks for at
# least 8 characters for user-chosen passwords); review before production use.
password.length.min=5

# -- disable the account after this many failed logins --
# NOTE(review): a low threshold slows online guessing but also lets anyone who
# knows a username lock that account; weigh this together with
# login.disable.minutes below.
max.failed.logins=3

# -- disable the account for this many minutes (if 0, then indefinitely) --
# With 0 a locked account stays disabled; presumably it then has to be
# re-enabled by an administrator -- confirm against the login service.
login.disable.minutes=5

# -- disable global logout --
login.disable.global.logout=false

# -- store a record for each login attempt? --
store.login.history=true
store.login.history.on.service.auth=false
# NOTE(review): the key name suggests the rejected password itself is written
# to the login history. If so, that table holds near-misses of real passwords
# and needs the same protection as the credential store -- confirm what is
# actually persisted and who can read it.
store.login.history.incorrect.password=true

# -- should we hash the password before storing it? --
# This is a one-way hash, not reversible encryption (see the hash type below).
# Keep true: with false, passwords would presumably be stored as plain text.
password.encrypt=true

# -- specify the type of hash to use for one-way encryption, will be passed to java.security.MessageDigest.getInstance() --
# -- options may include: SHA, MD5, etc
# NOTE(review): as a MessageDigest algorithm name, "SHA" selects SHA-1 in the
# standard JDK providers. SHA-1 and MD5 are fast general-purpose digests and
# are weak choices for password storage; prefer a stronger digest such as
# SHA-256 if only a MessageDigest name is accepted here. Whether a salt or
# iteration count is applied cannot be told from this file -- check the code
# that consumes this setting, and how existing stored hashes are verified
# after the value is changed.
password.encrypt.hash.type=SHA

# -- this is helpful to recover old accounts or to be able to login at all sometimes --
# -- SHOULD GENERALLY NOT BE TRUE FOR PRODUCTION SITES, but is useful for interim periods when going to password encryption --
# When true, plain (unhashed) stored passwords are accepted alongside hashed
# ones, so this should be switched back to false once migration is finished.
password.accept.encrypted.and.plain=false

# -- should we convert usernames and passwords to lowercase? (useful for case insensitive usernames and passwords) --
# Lowercasing passwords removes the upper/lower-case distinction and so shrinks
# the space an attacker has to search; keep password.lowercase=false unless
# legacy data requires it.
username.lowercase=false
password.lowercase=false